ER-605 Router security vulnerabilities
The TP-Link Omada ER605 v1 router has recently come under scrutiny due to several critical security vulnerabilities, primarily affecting its VPN, DHCP, and DDNS configurations. These vulnerabilities expose network administrators to potential exploitation, underscoring the need for immediate firmware updates and secure configurations.
Key Vulnerabilities
1. CVE-2024-5227 - PPTP VPN Command Injection
This vulnerability allows attackers to execute arbitrary commands remotely if the router is configured with a PPTP VPN and LDAP authentication. This flaw stems from inadequate input validation in the VPN configuration’s username parameter, making it possible for attackers to inject commands that are executed with root-level privileges. Notably, this vulnerability does not require prior authentication, significantly increasing the risk level.
2. CVE-2024-1179 - DHCPv6 Buffer Overflow
A buffer overflow in the DHCPv6 client option handling permits network-adjacent attackers to execute remote code on the router. This flaw results from improper checks on data length before copying DHCP options to a fixed-length buffer, allowing attackers to overload the buffer and run malicious code. This vulnerability also allows root access and highlights the importance of stringent input validation practices.
3. CVE-2024-5228 - DDNS Heap Overflow in Comexe
Found within the Comexe DDNS service, this vulnerability enables attackers to exploit improperly managed DNS responses, leading to a heap-based buffer overflow. This issue arises due to insufficient validation on the length of data from DNS responses, which attackers can exploit to gain root control over the device. Notably, the vulnerability only affects devices configured with the Comexe DDNS service, but it poses a high-risk entry point if enabled.
Are there any plans from Omada TP-Link to solve those security vulnerabilities?
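For reference, the kind of length check the CVE-2024-1179 description above says was missing, shown as an added example that is not part of the original post and is not TP-Link firmware code. The function name, return codes, option code 23 and the sample byte strings are this example's own assumptions; only the option layout (2-byte code, 2-byte length, data) comes from the DHCPv6 specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Return codes (names are this example's own). */
#define OPT_NOT_FOUND  (-1)
#define OPT_MALFORMED  (-2)  /* header or declared length runs past the packet */
#define OPT_TOO_LARGE  (-3)  /* option data does not fit the destination buffer */

/*
 * Walk a DHCPv6 options area (RFC 8415: 2-byte code, 2-byte length, data,
 * all big-endian) and copy the first option matching want_code into dst.
 * Returns the number of bytes copied, or a negative OPT_* code.
 */
int copy_dhcp6_option(const uint8_t *opts, size_t opts_len, uint16_t want_code,
                      uint8_t *dst, size_t dst_cap)
{
    size_t off = 0;

    while (off < opts_len) {
        if (opts_len - off < 4)
            return OPT_MALFORMED;            /* truncated option header */

        uint16_t code = (uint16_t)((opts[off] << 8) | opts[off + 1]);
        uint16_t len  = (uint16_t)((opts[off + 2] << 8) | opts[off + 3]);
        off += 4;

        if (len > opts_len - off)
            return OPT_MALFORMED;            /* declared length exceeds packet */

        if (code == want_code) {
            if (len > dst_cap)
                return OPT_TOO_LARGE;        /* reject instead of overflowing dst */
            memcpy(dst, opts + off, len);
            return (int)len;
        }
        off += len;
    }
    return OPT_NOT_FOUND;
}

/* Constructed sample inputs (not captured traffic). Option code 23 is used
 * only as an illustration. */
static const uint8_t sample_ok[]    = {0x00, 0x17, 0x00, 0x04, 1, 2, 3, 4};
static const uint8_t sample_big[]   = {0x00, 0x17, 0x00, 0x08, 1, 2, 3, 4, 5, 6, 7, 8};
static const uint8_t sample_trunc[] = {0x00, 0x17, 0x00, 0x40, 1, 2};
```

Both checks matter: the declared length is compared against the bytes remaining in the packet and, separately, against the capacity of the fixed-size destination before any copy happens.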