February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – CVE-2024-23673 – Apache Sling Servlets Resolver Vulnerability
February 7, 2024Rewterz Threat Alert – HijackLoader 2.0: Deciphering Advanced Evasion Techniques – Active IOCs
February 8, 2024Rewterz Threat Advisory – CVE-2024-23673 – Apache Sling Servlets Resolver Vulnerability
February 7, 2024Rewterz Threat Alert – HijackLoader 2.0: Deciphering Advanced Evasion Techniques – Active IOCs
February 8, 2024
Severity
High
Analysis Summary
CVE-2023-47209 CVSS:7.2
TP-Link ER7206 Omada Gigabit VPN Router could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the ipsec policy function. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2023-46683 CVSS:7.2
TP-Link ER7206 Omada Gigabit VPN Router could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the ipsec policy function. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2023-36498 CVSS:7.2
TP-Link ER7206 Omada Gigabit VPN Router could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the PPTP client function. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2023-43482 CVSS:7.2
TP-Link ER7206 Omada Gigabit VPN Router could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the guest resource function. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2023-47167 CVSS:7.2
TP-Link ER7206 Omada Gigabit VPN Router could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the GRE policy function. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2023-47617 CVSS:7.2
TP-Link ER7206 Omada Gigabit VPN Router could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a flaw when configuring the web group member. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2023-42664 CVSS:7.2
TP-Link ER7206 Omada Gigabit VPN Router could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a flaw when setting up the PPTP global configuration. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2023-47618 CVSS:7.2
TP-Link ER7206 Omada Gigabit VPN Router could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the web filtering function. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
Impact
- Gain Access
Indicators Of Compromise
CVE
- CVE-2023-47209
- CVE-2023-46683
- CVE-2023-36498
- CVE-2023-43482
- CVE-2023-47167
- CVE-2023-47617
- CVE-2023-42664
- CVE-2023-47618
Affected Vendors
TP-Link
Affected Products
- TP-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591
Remediation
Refer to TP-Link Website for patch, upgrade, or suggested workaround information.