Analysis Summary

CVE-2024-5227 CVSS:7.5

TP-Link Omada ER605 Routers could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the handling of the username parameter provided to the /usr/bin/pppd endpoint. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of root.

CVE-2024-5228 CVSS:7.5

TP-Link Omada ER605 Routers is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the DNS responses. By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code in the context of root.

CVE-2024-5242 CVSS:7.5

TP-Link Omada ER605 Routers is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the DDNS error codes. By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system.

CVE-2024-5243 CVSS:7.5

TP-Link Omada ER605 Routers is vulnerable to a buffer overflow, caused by improper bounds checking by the DNS names. By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code in the context of root.

CVE-2024-5244 CVSS:5

TP-Link Omada ER605 Routers could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the cmxddnsd executable. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of root.

Impact

• Buffer Overflow
• Code Execution

Indicators of Compromise

CVE

• CVE-2024-5227
• CVE-2024-5228
• CVE-2024-5242
• CVE-2024-5243
• CVE-2024-5244

Affected Vendors

Affected Products

• TP-Link Omada ER605

Remediation

Refer to TP-Link Website for patch, upgrade, or suggested workaround information.

TP-Link Website