CVE-2023-42664

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Feb 6, 2024

Updated: Feb 9, 2024

CWE ID 78

Summary

CVE-2023-42664 is a post-authentication command injection vulnerability affecting Tp-Link ER7206 Omada Gigabit VPN Routers running version 1.3.0 build 20230322 Rel.70591. During the PPTP global configuration setup process, a maliciously crafted HTTP request can be used to inject arbitrary commands, bypassing authentication. Successful exploitation of this vulnerability could allow attackers to execute unauthorized commands on the affected device.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

TP-LINK Technologies Co Ltd

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tY9MZO
https://www.cve.org/CVERecord?id=CVE-2023-42664
https://nvd.nist.gov/vuln/detail/CVE-2023-42664

Back to Vulnerability Database

CVE-2023-42664

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations