Vulnerabilities > CVE-2023-47167 - Unspecified vulnerability in Tp-Link Er7206 Firmware 1.3.0

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

tp-link

NVD

Published: 2024-02-06

Updated: 2024-11-21

Summary

A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
OS	Tp-Link TP Link Er7206 Firmware 1.3.0	1
Hardware	Tp-Link TP Link Er7206 -	1

References

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1855
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1855