TP-Link.ER7206.uhttpd.web.group.Command.Injection
Description
This indicates an attack attempt to exploit a Command Injection Vulnerability in TP-Link ER7206 Omada Gigabit VPN Router.
The vulnerability is due to insufficient validation of user-supplied inputs. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Affected Products
Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.tp-link.com/us/support/download/er7206/v1/#Firmware
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |