CVE-2023-36498 in ER7206 Omada Gigabit VPN Routerजानकारी

सारांश

द्वारा MITRE • 06/02/2024

A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

जिम्मेदार

Talos

आरक्षित करना

07/11/2023

प्रकटीकरण

06/02/2024

संयम

स्वीकृत

प्रविष्टि

VDB-253038

CPE

तैयार

CWE

CWE-78 (पुष्टि की गई)

CVSS

7.2 (CNA)

EPSS

0.00752

KEV

नहीं

गतिविधियाँ

बहुत कम

क्षेत्र

Industry, Chemical, ...

स्रोत

MITRE	https://www.cve.org/CVERecord?id=CVE-2023-36498
NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-36498
CVE Details	https://www.cvedetails.com/cve/CVE-2023-36498/

◂ पिछला सिंहावलोकन अगला ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!