Vulnerability Details CVE-2023-46683
A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection . An attacker can make an authenticated HTTP request to trigger this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.7%
CVSS Severity
CVSS v3 Score 7.2
References
Products affected by CVE-2023-46683
-
cpe:2.3:h:tp-link:er7206:-
-
cpe:2.3:o:tp-link:er7206_firmware:1.3.0