Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-mj59-82hp-pgf4

GitHub Security Advisory

⚠ Unreviewed HIGH Has CVE
View on GitHub

Advisory Details

A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell.

Related CVEs

CVE-2023-36498

Key Information

GHSA ID
GHSA-mj59-82hp-pgf4
Published
February 6, 2024 6:30 PM
Last Modified
February 6, 2024 6:30 PM
CVSS Score
7.5 /10
Primary Ecosystem
Unknown
Primary Package
Unknown
GitHub Reviewed
✗ No

Dataset

Last updated: September 15, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.