The vulnerability of TP-Link Omada ER605 VPN router’s microprogramming system lies in the ability to write code outside the buffer, allowing a hacker to execute arbitrary code in the context of the root user.

🗓️ 08 Apr 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 6 Views

TP-Link Omada ER605 microprogramming buffer overflow enables root code execution via DHCP options.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2024-1179	9 Apr 202419:18	–	circl
CNNVD	TP-LINK Omada ER605 安全漏洞	1 Apr 202400:00	–	cnnvd
CVE	CVE-2024-1179	1 Apr 202421:46	–	cve
Cvelist	CVE-2024-1179 TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability	1 Apr 202421:46	–	cvelist
EUVD	EUVD-2024-16947	3 Oct 202520:07	–	euvd
NVD	CVE-2024-1179	1 Apr 202422:15	–	nvd
OSV	CVE-2024-1179	1 Apr 202422:15	–	osv
Positive Technologies	PT-2023-8935 · Tp Link · Tp-Link Omada Er605	9 Nov 202300:00	–	ptsecurity
Vulnrichment	CVE-2024-1179 TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability	1 Apr 202421:46	–	vulnrichment
Zero Day Initiative	(Pwn2Own) TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability	5 Feb 202400:00	–	zdi

Source	Link
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-CAN-22420
vuldb	www.vuldb.com/ru/
web	www.web.nvd.nist.gov/view/vuln/detail
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-24-085/

08 Apr 2024 00:00Current

7.9High risk

Vulners AI Score7.9

CVSS 26.8

CVSS 37.5

EPSS0.00912

buffer overflow arbitrary code execution root access dhcp options tp link omada er605