Unrated severityNVD Advisory· Published Feb 6, 2024· Updated Nov 4, 2025
CVE-2023-36498
CVE-2023-36498
Description
A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21.3.0 build 20230322 Rel.70591+ 1 more
- (no CPE)range: 1.3.0 build 20230322 Rel.70591
- (no CPE)range: 1.3.0 build 20230322 Rel.70591
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.