Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for Omada ER605 by TP-Link

    CVE-2024-5244 (GCVE-0-2024-5244)

    Vulnerability from nvd – Published: 2024-05-23 21:56 – Updated: 2024-08-01 21:03
    VLAI
    Title
    TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability
    Summary
    TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific flaw exists within the cmxddnsd executable. The issue results from reliance on obscurity to secure network data. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22439.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-656 - Reliance on Security Through Obscurity
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    TP-Link Omada ER605 Affected: 2.6_2.2.2 Build 20231017
    Create a notification for this product.
    tp_link omada_er605 Affected: 2.6_2.2.2_build_20231017
        cpe:2.3:a:tp_link:omada_er605:2.6_2.2.2_build_20231017:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-23 13:57
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:tp_link:omada_er605:2.6_2.2.2_build_20231017:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omada_er605",
                "vendor": "tp_link",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.6_2.2.2_build_20231017"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5244",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-24T14:24:30.959171Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:02:14.698Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:03:11.048Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-24-503",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-503/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Omada ER605",
              "vendor": "TP-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6_2.2.2 Build 20231017"
                }
              ]
            }
          ],
          "dateAssigned": "2024-05-22T21:00:10.545Z",
          "datePublic": "2024-05-23T13:57:28.179Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service.\n\nThe specific flaw exists within the cmxddnsd executable. The issue results from reliance on obscurity to secure network data. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22439."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-656",
                  "description": "CWE-656: Reliance on Security Through Obscurity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-23T21:56:08.846Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-503",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-503/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Tomer Goldschmidt, Sharon Brizinov"
          },
          "title": "TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2024-5244",
        "datePublished": "2024-05-23T21:56:08.846Z",
        "dateReserved": "2024-05-22T21:00:10.520Z",
        "dateUpdated": "2024-08-01T21:03:11.048Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5243 (GCVE-0-2024-5243)

    Vulnerability from nvd – Published: 2024-05-23 21:56 – Updated: 2024-08-01 21:03
    VLAI
    Title
    TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability
    Summary
    TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific flaw exists within the handling of DNS names. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22523.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    TP-Link Omada ER605 Affected: 2.6_2.2.2 Build 20231017
    Create a notification for this product.
    tp_link omada_er605 Affected: 2.6_2.2.2_build_20231017
        cpe:2.3:a:tp_link:omada_er605:2.6_2.2.2_build_20231017:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-23 13:57
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:tp_link:omada_er605:2.6_2.2.2_build_20231017:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omada_er605",
                "vendor": "tp_link",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.6_2.2.2_build_20231017"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5243",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-24T14:28:26.840435Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:01:43.808Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:03:11.130Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-24-502",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-502/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Omada ER605",
              "vendor": "TP-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6_2.2.2 Build 20231017"
                }
              ]
            }
          ],
          "dateAssigned": "2024-05-22T20:59:40.302Z",
          "datePublic": "2024-05-23T13:57:19.641Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service.\n\nThe specific flaw exists within the handling of DNS names. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22523."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-23T21:56:04.395Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-502",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-502/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Tomer Goldschmidt, Sharon Brizinov"
          },
          "title": "TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2024-5243",
        "datePublished": "2024-05-23T21:56:04.395Z",
        "dateReserved": "2024-05-22T20:59:40.274Z",
        "dateUpdated": "2024-08-01T21:03:11.130Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5242 (GCVE-0-2024-5242)

    Vulnerability from nvd – Published: 2024-05-23 21:55 – Updated: 2024-08-01 21:03
    VLAI
    Title
    TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability
    Summary
    TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific flaw exists within the handling of DDNS error codes. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22522.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    TP-Link Omada ER605 Affected: 2.6_2.2.2 Build 20231017
    Create a notification for this product.
    tp_link omada_er605 Affected: 2.6_2.2.2_build_20231017
        cpe:2.3:a:tp_link:omada_er605:2.6_2.2.2_build_20231017:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-23 13:57
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:tp_link:omada_er605:2.6_2.2.2_build_20231017:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omada_er605",
                "vendor": "tp_link",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.6_2.2.2_build_20231017"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5242",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-24T14:34:09.613906Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:01:54.882Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:03:11.096Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-24-501",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-501/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Omada ER605",
              "vendor": "TP-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6_2.2.2 Build 20231017"
                }
              ]
            }
          ],
          "dateAssigned": "2024-05-22T20:56:07.054Z",
          "datePublic": "2024-05-23T13:57:14.761Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service.\n\nThe specific flaw exists within the handling of DDNS error codes. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22522."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-23T21:55:59.756Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-501",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-501/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Tomer Goldschmidt, Sharon Brizinov"
          },
          "title": "TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2024-5242",
        "datePublished": "2024-05-23T21:55:59.756Z",
        "dateReserved": "2024-05-22T20:56:07.027Z",
        "dateUpdated": "2024-08-01T21:03:11.096Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5228 (GCVE-0-2024-5228)

    Vulnerability from nvd – Published: 2024-05-23 21:55 – Updated: 2024-08-01 21:03
    VLAI
    Title
    TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability
    Summary
    TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22383.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    TP-Link Omada ER605 Affected: 2.6_2.2.2 Build 20231017
    Create a notification for this product.
    tp-link omada_er605 Affected: 2.6_2.2.2-build-20231017
        cpe:2.3:h:tp-link:omada_er605:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-23 13:57
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tp-link:omada_er605:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omada_er605",
                "vendor": "tp-link",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.6_2.2.2-build-20231017"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5228",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-24T18:17:33.043948Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:02:07.222Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:03:11.112Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-24-500",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-500/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Omada ER605",
              "vendor": "TP-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6_2.2.2 Build 20231017"
                }
              ]
            }
          ],
          "dateAssigned": "2024-05-22T20:22:19.989Z",
          "datePublic": "2024-05-23T13:57:09.929Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TP-Link Omada ER605  Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service.\n\nThe specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22383."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-23T21:55:55.391Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-500",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-500/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "@vcslab"
          },
          "title": "TP-Link Omada ER605  Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2024-5228",
        "datePublished": "2024-05-23T21:55:55.391Z",
        "dateReserved": "2024-05-22T20:22:19.958Z",
        "dateUpdated": "2024-08-01T21:03:11.112Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5227 (GCVE-0-2024-5227)

    Vulnerability from nvd – Published: 2024-05-23 21:55 – Updated: 2024-09-03 16:05
    VLAI
    Title
    TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability
    Summary
    TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are only vulnerable if configured to use a PPTP VPN with LDAP authentication. The specific flaw exists within the handling of the username parameter provided to the /usr/bin/pppd endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22446.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    TP-Link Omada ER605 Affected: 2.6_2.2.2 Build 20231017
    Create a notification for this product.
    tp-link omada_er605_firmware Affected: 2.6_2.2.2build20231017
        cpe:2.3:o:tp-link:omada_er605_firmware:2.6_2.2.2build20231017:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-23 13:57
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:03:10.983Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-24-499",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-499/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:omada_er605_firmware:2.6_2.2.2build20231017:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omada_er605_firmware",
                "vendor": "tp-link",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.6_2.2.2build20231017"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5227",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-05T19:15:43.971772Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-03T16:05:33.661Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Omada ER605",
              "vendor": "TP-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6_2.2.2 Build 20231017"
                }
              ]
            }
          ],
          "dateAssigned": "2024-05-22T20:15:04.891Z",
          "datePublic": "2024-05-23T13:57:02.519Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are only vulnerable if configured to use a PPTP VPN with LDAP authentication.\n\nThe specific flaw exists within the handling of the username parameter provided to the /usr/bin/pppd endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22446."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-23T21:55:48.347Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-499",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-499/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Chris Anastasio @mufinnnnnnn"
          },
          "title": "TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2024-5227",
        "datePublished": "2024-05-23T21:55:48.347Z",
        "dateReserved": "2024-05-22T20:15:04.846Z",
        "dateUpdated": "2024-09-03T16:05:33.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1180 (GCVE-0-2024-1180)

    Vulnerability from nvd – Published: 2024-04-03 16:30 – Updated: 2024-08-01 18:33
    VLAI
    Title
    TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability
    Summary
    TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605. Authentication is required to exploit this vulnerability. The specific issue exists within the handling of the name field in the access control user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22227.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    TP-Link Omada ER605 Affected: 2.1.2 Build 20230210 Rel.62992
    Create a notification for this product.
    tp-link er605 Affected: 2.1.2_build_20230210
        cpe:2.3:o:tp-link:er605:2.1.2_build_20230210:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-02-05 23:44
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:er605:2.1.2_build_20230210:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "er605",
                "vendor": "tp-link",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.1.2_build_20230210"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1180",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-06T16:12:54.477242Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:00:10.446Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:33:24.167Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-24-086",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-086/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Omada ER605",
              "vendor": "TP-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.2 Build 20230210 Rel.62992"
                }
              ]
            }
          ],
          "dateAssigned": "2024-02-01T21:43:51.540Z",
          "datePublic": "2024-02-05T23:44:44.659Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605. Authentication is required to exploit this vulnerability.\n\nThe specific issue exists within the handling of the name field in the access control user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22227."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-03T16:30:55.786Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-086",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-086/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Noam Moshe of Claroty Research - Team82"
          },
          "title": "TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2024-1180",
        "datePublished": "2024-04-03T16:30:55.786Z",
        "dateReserved": "2024-02-01T21:43:17.125Z",
        "dateUpdated": "2024-08-01T18:33:24.167Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1179 (GCVE-0-2024-1179)

    Vulnerability from nvd – Published: 2024-04-01 21:46 – Updated: 2024-08-01 18:33
    VLAI
    Title
    TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability
    Summary
    TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DHCP options. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22420.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    TP-Link Omada ER605 Affected: 2_2.2.2 Build 20231017
    Create a notification for this product.
    tp-link er605 Affected: 2.2.2_build_20231017
        cpe:2.3:a:tp-link:er605:2.2.2_build_20231017:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-02-05 23:44
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:tp-link:er605:2.2.2_build_20231017:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "er605",
                "vendor": "tp-link",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.2.2_build_20231017"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1179",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-06T16:12:36.503205Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:00:14.278Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:33:24.731Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-24-085",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-085/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Omada ER605",
              "vendor": "TP-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "2_2.2.2 Build 20231017"
                }
              ]
            }
          ],
          "dateAssigned": "2024-02-01T21:43:51.526Z",
          "datePublic": "2024-02-05T23:44:29.657Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of DHCP options. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22420."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-01T21:46:08.541Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-085",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-085/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "LJP (@ljp_tw) and YingMuo (@YingMuo), working with DEVCORE Internship Program"
          },
          "title": "TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2024-1179",
        "datePublished": "2024-04-01T21:46:08.541Z",
        "dateReserved": "2024-02-01T21:43:11.616Z",
        "dateUpdated": "2024-08-01T18:33:24.731Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5244 (GCVE-0-2024-5244)

    Vulnerability from cvelistv5 – Published: 2024-05-23 21:56 – Updated: 2024-08-01 21:03
    VLAI
    Title
    TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability
    Summary
    TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific flaw exists within the cmxddnsd executable. The issue results from reliance on obscurity to secure network data. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22439.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-656 - Reliance on Security Through Obscurity
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    TP-Link Omada ER605 Affected: 2.6_2.2.2 Build 20231017
    Create a notification for this product.
    tp_link omada_er605 Affected: 2.6_2.2.2_build_20231017
        cpe:2.3:a:tp_link:omada_er605:2.6_2.2.2_build_20231017:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-23 13:57
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:tp_link:omada_er605:2.6_2.2.2_build_20231017:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omada_er605",
                "vendor": "tp_link",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.6_2.2.2_build_20231017"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5244",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-24T14:24:30.959171Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:02:14.698Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:03:11.048Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-24-503",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-503/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Omada ER605",
              "vendor": "TP-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6_2.2.2 Build 20231017"
                }
              ]
            }
          ],
          "dateAssigned": "2024-05-22T21:00:10.545Z",
          "datePublic": "2024-05-23T13:57:28.179Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service.\n\nThe specific flaw exists within the cmxddnsd executable. The issue results from reliance on obscurity to secure network data. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22439."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-656",
                  "description": "CWE-656: Reliance on Security Through Obscurity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-23T21:56:08.846Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-503",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-503/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Tomer Goldschmidt, Sharon Brizinov"
          },
          "title": "TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2024-5244",
        "datePublished": "2024-05-23T21:56:08.846Z",
        "dateReserved": "2024-05-22T21:00:10.520Z",
        "dateUpdated": "2024-08-01T21:03:11.048Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5243 (GCVE-0-2024-5243)

    Vulnerability from cvelistv5 – Published: 2024-05-23 21:56 – Updated: 2024-08-01 21:03
    VLAI
    Title
    TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability
    Summary
    TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific flaw exists within the handling of DNS names. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22523.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    TP-Link Omada ER605 Affected: 2.6_2.2.2 Build 20231017
    Create a notification for this product.
    tp_link omada_er605 Affected: 2.6_2.2.2_build_20231017
        cpe:2.3:a:tp_link:omada_er605:2.6_2.2.2_build_20231017:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-23 13:57
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:tp_link:omada_er605:2.6_2.2.2_build_20231017:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omada_er605",
                "vendor": "tp_link",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.6_2.2.2_build_20231017"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5243",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-24T14:28:26.840435Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:01:43.808Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:03:11.130Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-24-502",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-502/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Omada ER605",
              "vendor": "TP-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6_2.2.2 Build 20231017"
                }
              ]
            }
          ],
          "dateAssigned": "2024-05-22T20:59:40.302Z",
          "datePublic": "2024-05-23T13:57:19.641Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service.\n\nThe specific flaw exists within the handling of DNS names. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22523."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-23T21:56:04.395Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-502",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-502/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Tomer Goldschmidt, Sharon Brizinov"
          },
          "title": "TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2024-5243",
        "datePublished": "2024-05-23T21:56:04.395Z",
        "dateReserved": "2024-05-22T20:59:40.274Z",
        "dateUpdated": "2024-08-01T21:03:11.130Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5242 (GCVE-0-2024-5242)

    Vulnerability from cvelistv5 – Published: 2024-05-23 21:55 – Updated: 2024-08-01 21:03
    VLAI
    Title
    TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability
    Summary
    TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific flaw exists within the handling of DDNS error codes. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22522.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    TP-Link Omada ER605 Affected: 2.6_2.2.2 Build 20231017
    Create a notification for this product.
    tp_link omada_er605 Affected: 2.6_2.2.2_build_20231017
        cpe:2.3:a:tp_link:omada_er605:2.6_2.2.2_build_20231017:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-23 13:57
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:tp_link:omada_er605:2.6_2.2.2_build_20231017:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omada_er605",
                "vendor": "tp_link",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.6_2.2.2_build_20231017"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5242",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-24T14:34:09.613906Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:01:54.882Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:03:11.096Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-24-501",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-501/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Omada ER605",
              "vendor": "TP-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6_2.2.2 Build 20231017"
                }
              ]
            }
          ],
          "dateAssigned": "2024-05-22T20:56:07.054Z",
          "datePublic": "2024-05-23T13:57:14.761Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service.\n\nThe specific flaw exists within the handling of DDNS error codes. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22522."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-23T21:55:59.756Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-501",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-501/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Tomer Goldschmidt, Sharon Brizinov"
          },
          "title": "TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2024-5242",
        "datePublished": "2024-05-23T21:55:59.756Z",
        "dateReserved": "2024-05-22T20:56:07.027Z",
        "dateUpdated": "2024-08-01T21:03:11.096Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5228 (GCVE-0-2024-5228)

    Vulnerability from cvelistv5 – Published: 2024-05-23 21:55 – Updated: 2024-08-01 21:03
    VLAI
    Title
    TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability
    Summary
    TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22383.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    TP-Link Omada ER605 Affected: 2.6_2.2.2 Build 20231017
    Create a notification for this product.
    tp-link omada_er605 Affected: 2.6_2.2.2-build-20231017
        cpe:2.3:h:tp-link:omada_er605:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-23 13:57
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tp-link:omada_er605:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omada_er605",
                "vendor": "tp-link",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.6_2.2.2-build-20231017"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5228",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-24T18:17:33.043948Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:02:07.222Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:03:11.112Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-24-500",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-500/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Omada ER605",
              "vendor": "TP-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6_2.2.2 Build 20231017"
                }
              ]
            }
          ],
          "dateAssigned": "2024-05-22T20:22:19.989Z",
          "datePublic": "2024-05-23T13:57:09.929Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TP-Link Omada ER605  Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service.\n\nThe specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22383."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-23T21:55:55.391Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-500",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-500/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "@vcslab"
          },
          "title": "TP-Link Omada ER605  Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2024-5228",
        "datePublished": "2024-05-23T21:55:55.391Z",
        "dateReserved": "2024-05-22T20:22:19.958Z",
        "dateUpdated": "2024-08-01T21:03:11.112Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5227 (GCVE-0-2024-5227)

    Vulnerability from cvelistv5 – Published: 2024-05-23 21:55 – Updated: 2024-09-03 16:05
    VLAI
    Title
    TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability
    Summary
    TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are only vulnerable if configured to use a PPTP VPN with LDAP authentication. The specific flaw exists within the handling of the username parameter provided to the /usr/bin/pppd endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22446.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    TP-Link Omada ER605 Affected: 2.6_2.2.2 Build 20231017
    Create a notification for this product.
    tp-link omada_er605_firmware Affected: 2.6_2.2.2build20231017
        cpe:2.3:o:tp-link:omada_er605_firmware:2.6_2.2.2build20231017:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-23 13:57
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:03:10.983Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-24-499",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-499/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:omada_er605_firmware:2.6_2.2.2build20231017:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omada_er605_firmware",
                "vendor": "tp-link",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.6_2.2.2build20231017"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5227",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-05T19:15:43.971772Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-03T16:05:33.661Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Omada ER605",
              "vendor": "TP-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6_2.2.2 Build 20231017"
                }
              ]
            }
          ],
          "dateAssigned": "2024-05-22T20:15:04.891Z",
          "datePublic": "2024-05-23T13:57:02.519Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are only vulnerable if configured to use a PPTP VPN with LDAP authentication.\n\nThe specific flaw exists within the handling of the username parameter provided to the /usr/bin/pppd endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22446."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-23T21:55:48.347Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-499",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-499/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Chris Anastasio @mufinnnnnnn"
          },
          "title": "TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2024-5227",
        "datePublished": "2024-05-23T21:55:48.347Z",
        "dateReserved": "2024-05-22T20:15:04.846Z",
        "dateUpdated": "2024-09-03T16:05:33.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1180 (GCVE-0-2024-1180)

    Vulnerability from cvelistv5 – Published: 2024-04-03 16:30 – Updated: 2024-08-01 18:33
    VLAI
    Title
    TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability
    Summary
    TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605. Authentication is required to exploit this vulnerability. The specific issue exists within the handling of the name field in the access control user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22227.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    TP-Link Omada ER605 Affected: 2.1.2 Build 20230210 Rel.62992
    Create a notification for this product.
    tp-link er605 Affected: 2.1.2_build_20230210
        cpe:2.3:o:tp-link:er605:2.1.2_build_20230210:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-02-05 23:44
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:er605:2.1.2_build_20230210:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "er605",
                "vendor": "tp-link",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.1.2_build_20230210"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1180",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-06T16:12:54.477242Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:00:10.446Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:33:24.167Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-24-086",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-086/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Omada ER605",
              "vendor": "TP-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.2 Build 20230210 Rel.62992"
                }
              ]
            }
          ],
          "dateAssigned": "2024-02-01T21:43:51.540Z",
          "datePublic": "2024-02-05T23:44:44.659Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605. Authentication is required to exploit this vulnerability.\n\nThe specific issue exists within the handling of the name field in the access control user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22227."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-03T16:30:55.786Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-086",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-086/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Noam Moshe of Claroty Research - Team82"
          },
          "title": "TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2024-1180",
        "datePublished": "2024-04-03T16:30:55.786Z",
        "dateReserved": "2024-02-01T21:43:17.125Z",
        "dateUpdated": "2024-08-01T18:33:24.167Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1179 (GCVE-0-2024-1179)

    Vulnerability from cvelistv5 – Published: 2024-04-01 21:46 – Updated: 2024-08-01 18:33
    VLAI
    Title
    TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability
    Summary
    TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DHCP options. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22420.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    TP-Link Omada ER605 Affected: 2_2.2.2 Build 20231017
    Create a notification for this product.
    tp-link er605 Affected: 2.2.2_build_20231017
        cpe:2.3:a:tp-link:er605:2.2.2_build_20231017:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-02-05 23:44
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:tp-link:er605:2.2.2_build_20231017:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "er605",
                "vendor": "tp-link",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.2.2_build_20231017"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1179",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-06T16:12:36.503205Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:00:14.278Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:33:24.731Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-24-085",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-085/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Omada ER605",
              "vendor": "TP-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "2_2.2.2 Build 20231017"
                }
              ]
            }
          ],
          "dateAssigned": "2024-02-01T21:43:51.526Z",
          "datePublic": "2024-02-05T23:44:29.657Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of DHCP options. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22420."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-01T21:46:08.541Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-085",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-085/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "LJP (@ljp_tw) and YingMuo (@YingMuo), working with DEVCORE Internship Program"
          },
          "title": "TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2024-1179",
        "datePublished": "2024-04-01T21:46:08.541Z",
        "dateReserved": "2024-02-01T21:43:11.616Z",
        "dateUpdated": "2024-08-01T18:33:24.731Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }