CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 1CVE-2023-36498
https://notcve.org/view.php?id=CVE-2023-36498
06 Feb 2024 — A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell. Existe una vulnerabilidad de inyección de comando posterior a la autenticación en la funcionalidad del cliente PPTP de Tp-Link ER7206 Omada Gigabi... • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1853 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 1CVE-2023-47209
https://notcve.org/view.php?id=CVE-2023-47209
06 Feb 2024 — A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Existe una vulnerabilidad de inyección de comando posterior a la autenticación en la funcionalidad de política ipsec de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.7... • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1854 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 1CVE-2023-47167
https://notcve.org/view.php?id=CVE-2023-47167
06 Feb 2024 — A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Existe una vulnerabilidad de inyección de comando posterior a la autenticación en la funcionalidad de política GRE de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591... • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1855 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 1CVE-2023-42664
https://notcve.org/view.php?id=CVE-2023-42664
06 Feb 2024 — A post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Existe una vulnerabilidad de inyección de comando posterior a la autenticación al configurar la configuración global PPTP de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 bui... • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1856 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 1CVE-2023-46683
https://notcve.org/view.php?id=CVE-2023-46683
06 Feb 2024 — A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection . An attacker can make an authenticated HTTP request to trigger this vulnerability. Existe una vulnerabilidad de inyección de comando posterior a la autenticación al configurar la funcionalidad VPN de protección de cables de Tp-Link ER7206 Omada Gigabit ... • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1857 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 1CVE-2023-47617
https://notcve.org/view.php?id=CVE-2023-47617
06 Feb 2024 — A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Existe una vulnerabilidad de inyección de comando posterior a la autenticación al configurar el miembro del grupo web de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 ... • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1858 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 1CVE-2023-47618
https://notcve.org/view.php?id=CVE-2023-47618
06 Feb 2024 — A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Existe una vulnerabilidad de ejecución de comando posterior a la autenticación en la funcionalidad de filtrado web de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70... • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1859 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.9EPSS: 0%CPEs: 8EXPL: 2CVE-2023-49515
https://notcve.org/view.php?id=CVE-2023-49515
17 Jan 2024 — Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components. La vulnerabilidad de permisos inseguros en TP Link TC70 y C200 WIFI Camera v.3 firmware v.1.3.4 y corregida en v.1.3.11 permite a un atacante físicamente cercano obtener información confidencial a través de una conexión a los componentes del pin UART. • https://github.com/VineethKumarM/TAPO-TC70-Unauthorized-root-access-using-UART • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2024-21833
https://notcve.org/view.php?id=CVE-2024-21833
10 Jan 2024 — Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi. Múltiples productos TP-LINK permiten que un atacante no autenticado adyacente a la red con acceso al producto ejecute comandos arbitrarios del sistema operativo. Los productos/versiones afectados son los siguientes: Versiones de firmware de Archer AX3000 anteriores a "Archer ... • https://jvn.jp/en/vu/JVNVU91401812 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-21821
https://notcve.org/view.php?id=CVE-2024-21821
10 Jan 2024 — Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands. Múltiples productos TP-LINK permiten que un atacante autenticado adyacente a la red ejecute comandos arbitrarios del sistema operativo. Los productos/versiones afectados son los siguientes: Versiones de firmware de Archer AX3000 anteriores a "Archer AX3000(JP)_V1_1.1.2 Build 20231115", versiones de firmware de Archer AX5400 anteriores a "Archer AX5... • https://jvn.jp/en/vu/JVNVU91401812 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •