A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell.
References
Link | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1853 | Exploit Technical Description Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: talos
Published: 2024-02-06T16:20:15.386Z
Updated: 2024-06-04T17:25:48.774Z
Reserved: 2023-11-07T22:57:30.277Z
Link: CVE-2023-36498
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-02-06T17:15:08.527
Modified: 2024-02-09T02:09:17.397
Link: CVE-2023-36498
JSON object: View
Redhat Information
No data.
CWE