Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-1179

Published: 01/04/2024 Updated: 02/04/2024

Vulnerability Summary

TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent malicious users to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DHCP options. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22420.

Github Repositories

https://github.com/z1r00/z1r00

Hi there 👋 Pwn2Own TORONTO 2023 (CVE-2024-1179) & TP-Link Omada ER605 RWCTF 6th - Let’s party in the house 2023年终总结 uC-HTTP漏洞分析 Pwn2Own-RAX30 Routers漏洞分析

References

https://www.zerodayinitiative.com/advisories/ZDI-24-085/https://nvd.nist.govhttps://github.com/z1r00/z1r00https://www.zerodayinitiative.com/advisories/ZDI-24-085/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook