CVE-2023-36498 in ER7206 Omada Gigabit VPN Routerinfo

Zusammenfassung

von MITRE • 06.02.2024

A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

Talos

Reservieren

07.11.2023

Veröffentlichung

06.02.2024

Moderieren

akzeptiert

Eintrag

VDB-253038

CPE

bereit

CWE

CWE-78 (bestätigt)

CVSS

7.2 (CNA)

EPSS

0.00752

KEV

nein

Aktivitäten

very low

Sektor

Industry, Telecommunication, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2023-36498
NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-36498
CVE Details	https://www.cvedetails.com/cve/CVE-2023-36498/

◂ Zurück Übersicht Weiter ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!