Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-44448
6.8 MEDIUM
Summary
The stack-based buffer overflow in TP-Link Archer A54 routers arises because the length of user-supplied data is not properly validated before the data is copied to a fixed-length stack-based buffer in the libcmm.so file. Network-adjacent attackers can exploit this flaw to execute arbitrary code in the context of root, but only after successful authentication. Addressing this vulnerability promptly is necessary to protect the network and prevent unauthorized access.
Affected Version(s)
Archer A54 0.9.1 0.4 v0001.0 Build 211108 Rel.33223n(5553)
CVSS V3.1
Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved