Buffer Overflow in TP-Link Routers Allowing Code Execution
CVE-2024-54887

8HIGH

Key Information:

Vendor: TP-Link
Vendor: CVE Published:; 9 January 2025

What is CVE-2024-54887?

CVE-2024-54887 refers to a vulnerability found in certain TP-Link routers, specifically the TL-WR940N versions 3 and 4. This vulnerability is characterized as a buffer overflow issue that can occur when manipulating specific parameters in the router's firmware. If exploited, this vulnerability can allow an authenticated attacker to execute arbitrary code on the device, potentially taking control of the router with root privileges. The ability to do so poses significant risks to organizations, as compromised routers can be leveraged for various malicious activities, including unauthorized access to network traffic, rerouting of sensitive data, or facilitation of further attacks within the local network.

Technical Details

The vulnerability arises from a buffer overflow in the processing of two parameters, dnsserver1 and dnsserver2, located within the firmware interface of the affected TP-Link routers. When an attacker with valid authentication credentials sends specially crafted input through the router's web management page, it can lead to memory corruption. This manipulation can allow an attacker to execute arbitrary code, which, if successful, grants full control over the device. The vulnerable firmware versions encompass 3.16.9 and earlier, meaning that devices running these versions are at risk until patches are applied.

Potential impact of CVE-2024-54887

Unauthorized Remote Access: An attacker exploiting this vulnerability can gain remote administrative access to the router, leading to complete control over network settings and traffic.
Data Interception: With control over the router, malicious actors can intercept and manipulate data flowing through the network, putting sensitive information and communications at risk.
Network Compromise: The vulnerability can serve as a foothold for attackers to launch further intrusions into the broader network, potentially affecting connected devices and systems.

References

http://tp-link.com

https://github.com/JBince/vulnerability-research/tree/mai...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 9, 2025