CVE-2024-54887
Published 2025-01-09
Priority P351, high, CVSS 3.1 score 8
CVSS vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 6.13% (92.6th percentile)
TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root user.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tp-link | tl-wr940n_firmware | <= 3.16.9 | — |
Suricata
ET WEB_SPECIFIC_APPS TP-Link TL-WR940N Hardware v3/v4 Authenticated Remote Code Execution (CVE-2024-54887)
Suricata rule, 2025-01-27, CVSS 8.0, severity HIGH
Rule:

```
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS TP-Link TL-WR940N Hardware v3/v4 Authenticated Remote Code Execution (CVE-2024-54887)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/userRpm/Wan6to4TunnelCfgRpm.htm?"; fast_pattern; content:"dnsserver"; pcre:"/^[12]\x3d[^\x26]*?\x27\x70\xc0\x01\x2a/R"; reference:url,infosecwriteups.com/reversing-discovering-and-exploiting-a-tp-link-router-vulnerability-cve-2024-54887-341552c4b104; reference:cve,2024-54887; classtype:web-application-attack; sid:2059682; rev:1; metadata:affected_product TPLINK, attack_target Server, tls_state TLSDecrypt, created_at 2025_01_27, cve CVE_2024_5488
```
No public exploits indexed.
No writeups or analysis indexed.