CVE-2024-21827

HIGH

Tp-Link ER7206 Omada - RCE

Title source: llm

Description

A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.

References (2)

[Exploit, Third Party Advisory] https://talosintelligence.com/vulnerability_reports/TALOS-2024-1947

[Third Party Advisory] https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1947

Scores

CVSS v3 7.2

EPSS 0.0015

EPSS Percentile 35.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-489

Status published

Products (1)

tp-link/er7206_firmware 1.4.1 build_20240117_rel_57421

Published Jun 25, 2024

Tracked Since Feb 18, 2026