HIGH🇵🇱 Wersja polska

CVE-2023-43482

CVSS 7.2v3.1pub. 2024-02-06upd. 2025-11-04

A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Tp Link Er7206

    HW
    Tp-Link
    wszystkie wersje
  • Tp Link Er7206 Firmware

    OS
    Tp-Link
    1.3.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
VPNCommand Injection
CWE
References

Related vulnerabilities

CVE-2025-6542CRITICAL9.3PL ✓ten sam produkt

Zdalne wykonanie poleceń OS bez uwierzytelnienia w routerach TP-Link Omada

CVE-2025-7850CRITICAL9.3PL ✓ten sam produkt

Command injection w bramkach Omada (TP-Link) po uwierzytelnieniu admina

CVE-2025-7851HIGH8.7ten sam produkt

An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gate...

CVE-2025-6541HIGH8.6ten sam produkt

An arbitrary OS command may be executed on the product by the user who can log in to the web management interf...

CVE-2024-21827HIGH7.2ten sam produkt

A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigab...