Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-25139

Published: 14/03/2024 Updated: 14/03/2024

Vulnerability Summary

In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After heap shaping, an attacker can achieve code execution in the context of the cloud-brd binary that runs at the root level. This is fixed in ER605(UN)_v2_2.2.4 Build 020240119.

Github Repositories

https://github.com/microsoft/Microsoft-TP-Link-Research-Team

To gain access, please finish setting up this repository now at:

CPS Research Team Microsoft researchers discovered LPE vulnerability in TP-Link Omada ER605 V101 through (v26) 223 Vulnerability description In TP-Link Omada er605 101 through (v26) 223, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow After heap shaping, an attacker can achieve code execution in the context of the c

References

https://www.tp-link.com/us/omada-sdn/https://github.com/microsoft/Microsoft-TP-Link-Research-Teamhttps://nvd.nist.govhttps://github.com/microsoft/Microsoft-TP-Link-Research-Team
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook