The vulnerability of TP-Link Omada er605’s microprogramming software arises from buffer overflow in the stack, allowing an attacker to execute arbitrary code in the root context.

🗓️ 07 Jun 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

TP-Link Omada ER605 firmware has a stack overflow enabling attacker to execute code in root context.

Reporter	Title	Published	Views	Family All 8
CNNVD	TP-Link Omada ER605 安全漏洞	23 May 202400:00	–	cnnvd
CVE	CVE-2024-5228	23 May 202421:55	–	cve
Cvelist	CVE-2024-5228 TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability	23 May 202421:55	–	cvelist
EUVD	EUVD-2024-46467	3 Oct 202520:07	–	euvd
NVD	CVE-2024-5228	23 May 202422:15	–	nvd
Positive Technologies	PT-2023-9171 · Tp Link · Tp-Link Omada Er605	9 Nov 202300:00	–	ptsecurity
Vulnrichment	CVE-2024-5228 TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability	23 May 202421:55	–	vulnrichment
Zero Day Initiative	(Pwn2Own) TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability	23 May 202400:00	–	zdi

Source	Link
tp-link	www.tp-link.com/en/support/download/er605/
web	www.web.nvd.nist.gov/view/vuln/detail
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-24-500/
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-24-500/

07 Jun 2024 00:00Current

8High risk

Vulners AI Score8

CVSS 26.8

CVSS 37.5

EPSS0.03327

Omada ER605 stack overflow remote code execution