CVE-2024-5244

EPSS 0.06%
Veröffentlicht 23.05.2024 22:15:13
Zuletzt bearbeitet 06.08.2025 14:27:58
Quelle zdi-disclosures@trendmicro.com
Teams Watchlist Login
Unerledigt Login

TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service.

The specific flaw exists within the cmxddnsd executable. The issue results from reliance on obscurity to secure network data. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22439.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tp-link ≫ Omada Er605 Firmware Version2.2.2 Updatebuild_20231017

Tp-link ≫ Omada Er605 Version2.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.181

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.2	1.6	2.5	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
zdi-disclosures@trendmicro.com	5	1.6	3.4	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-656 Reliance on Security Through Obscurity

The product uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism.

https://www.zerodayinitiative.com/advisories/ZDI-24-503/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-5244

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-5244

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-5244

EUVD