Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-44448

6.8MEDIUM

Key Information:

Vendor: Tp-link
Status: Archer A54
Vendor: CVE Published:; 3 May 2024

What is CVE-2023-44448?

The stack-based buffer overflow vulnerability identified in the TP-Link Archer A54 routers arises from inadequate validation of user-supplied data length before it is copied to a fixed-length stack-based buffer in the libcmm.so file. This flaw can be exploited by network-adjacent attackers who, after successful authentication, can execute arbitrary code within the context of root. Protecting against this vulnerability requires immediate attention to ensure network security and prevent unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Archer A54 0.9.1 0.4 v0001.0 Build 211108 Rel.33223n(5553)

References

https://www.zerodayinitiative.com/advisories/ZDI-23-1625/

x_research-advisory

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
Sep 28, 2023

JSON

Tp-link

What is CVE-2023-44448?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.