Buffer Overflow Remote Code Execution Vulnerability Affects TP-Link Omada ER605 Routers
CVE-2024-5243
Key Information:
- Vendor
Tp-link
- Status
- Vendor
- CVE Published:
- 23 May 2024
Badges
What is CVE-2024-5243?
A remote code execution vulnerability has been identified in the TP-Link Omada ER605 router due to a buffer overflow flaw in its DNS name handling. This weakness stems from inadequate validation of user-supplied data length before copying it to a buffer, enabling network-adjacent attackers to potentially execute arbitrary code. Notably, exploitation does not require authentication, although the routers must be configured to use the Comexe DDNS service for the vulnerability to present a risk. This issue represents a significant security threat, allowing attackers to gain control over affected devices.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Omada ER605 2.6_2.2.2 Build 20231017
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
CVSS V3.0
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published