{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-43482", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2023-11-07T15:29:19.779Z", "datePublished": "2024-02-06T16:20:15.812Z", "dateUpdated": "2024-02-06T18:00:06.919Z"}, "containers": {"cna": {"affected": [{"vendor": "Tp-Link", "product": "ER7206 Omada Gigabit VPN Router", "versions": [{"version": "1.3.0 build 20230322 Rel.70591", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "type": "CWE", "cweId": "CWE-78"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-02-06T18:00:06.919Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1850", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1850"}], "credits": [{"lang": "en", "value": "Discovered by the Vulnerability Discovery and Research team of Cisco Talos."}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:er7206_firmware:1.3.0:build_20230322_rel_70591:*:*:*:*:*:*", "matchCriteriaId": "96429759-A111-4CB6-BB47-C258CFD5C301", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:er7206:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB65324D-FD72-4C28-92AF-85BFF1E8A993", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de ejecuci\u00f3n de comandos en la funcionalidad de recursos invitados de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. Una solicitud HTTP especialmente manipulada puede provocar la ejecuci\u00f3n de un comando arbitrario. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad."}], "id": "CVE-2023-43482", "lastModified": "2024-02-09T02:11:03.607", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Primary"}]}, "published": "2024-02-06T17:15:08.973", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1850"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "talos-cna@cisco.com", "type": "Primary"}]}

{}