TP-Link Omada ER605 Firmware vulnerabilities
8 known vulnerabilities affecting tp-link/omada_er605_firmware.
Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 6, MEDIUM 1
Vulnerabilities
CVE-2024-1179 | P2 | HIGH | CVSS 8.8 | CWE-121 | fixed in 2.2.4 | 2024-04-01
TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of
Source: NVD
CVE-2024-25139 | P3 | CRITICAL | CVSS 10.0 | CWE-120 | ≥ 1.0, ≤ 2.2.3 | 2024-03-14
In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After heap shaping, an attacker can achieve code execution in the context of the cloud-brd binary that runs at the root level. This is fixed in ER605(UN)_v2_2.2.4 Build 020240119.
Source: NVD
CVE-2024-5242 | P3 | HIGH | CVSS 7.5 | CWE-121 | v2.2.2 | 2024-05-23
TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DD
Source: NVD
CVE-2024-1180 | P3 | HIGH | CVSS 8.0 | CWE-78 | fixed in 2.2.3 | 2024-04-03
TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605. Authentication is required to exploit this vulnerability.
The specific issue exists within the handling of the name field in the access
Source: NVD
CVE-2024-5227 | P3 | HIGH | CVSS 7.5 | CWE-78 | v2.2.2 | 2024-05-23
TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are only vulnerable if configured to use a PPTP
Source: NVD
CVE-2024-5243 | P3 | HIGH | CVSS 7.5 | CWE-120 | v2.2.2 | 2024-05-23
TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service.
Source: NVD
CVE-2024-5228 | P3 | HIGH | CVSS 7.5 | CWE-122 | v2.2.2 | 2024-05-23
TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if conf
Source: NVD
CVE-2024-5244 | P4 | MEDIUM | CVSS 4.2 | CWE-656 | v2.2.2 | 2024-05-23
TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS
Source: NVD