Skip to content

microsoft/Microsoft-TP-Link-Research-Team

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits

LICENSE

LICENSE

 
 

README.md

README.md

 
 

SECURITY.md

SECURITY.md

 
 

Repository files navigation

CPS Research Team

Microsoft researchers discovered LPE vulnerability in TP-Link Omada ER605 V1.0.1 through (v2.6) 2.2.3

Vulnerability description

In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After heap shaping, an attacker can achieve code execution in the context of the cloud-brd binary that runs at the root level. This is fixed in ER605(UN)_v2_2.2.4 Build 020240119.

Vulnerability Type

Buffer Overflow, Local Privilege Escalation

Affected Product version

TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3

CVE-ID

CVE-2024-25139

Patch for the vulnerability

ER605(UN)_v2_2.2.4 Build 020240119.zip

Affected Component

cloud-brd binary.

Reference

TP-Link Omada

CVE-2024-25139

Researchers

Vladimir Tokarev(@G1ND1L4)

Omri Ben-Bassat(@beta_b0t)

About

To gain access, please finish setting up this repository now at:

repos.opensource.microsoft.com/microsoft/wizard?existingreponame=Microsoft-TP-Link-Research-Team&existingrepoid=768499414

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •