The vulnerability of TP-Link Omada er605’s microprogramming software arises from incorrect processing of DDNS error codes, allowing a intruder to execute any arbitrary code in the root context.

🗓️ 07 Jun 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

TP-Link Omada ER605 flaw in DDNS error handling enables remote code execution in root context.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2024-5242	10 Jul 202417:39	–	circl
CNNVD	TP-Link Omada ER605 安全漏洞	23 May 202400:00	–	cnnvd
CVE	CVE-2024-5242	23 May 202421:55	–	cve
Cvelist	CVE-2024-5242 TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability	23 May 202421:55	–	cvelist
EUVD	EUVD-2024-46481	3 Oct 202520:07	–	euvd
GithubExploit	Exploit for Classic Buffer Overflow in Tp-Link Omada_Er605_Firmware	4 Feb 202609:46	–	githubexploit
NVD	CVE-2024-5242	23 May 202422:15	–	nvd
OSV	CVE-2024-5242	23 May 202422:15	–	osv
Positive Technologies	PT-2023-9174	9 Nov 202300:00	–	ptsecurity
Vulnrichment	CVE-2024-5242 TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability	23 May 202421:55	–	vulnrichment

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-5242
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-24-501/
tp-link	www.tp-link.com/en/support/download/er605/
web	www.web.nvd.nist.gov/view/vuln/detail
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-24-501/

07 Jun 2024 00:00Current

7.4High risk

Vulners AI Score7.4

CVSS 26.8

CVSS 37.5

EPSS0.01458

tp link omada er605 dynamic dns error handling remote code execution root context