Description
In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After heap shaping, an attacker can achieve code execution in the context of the cloud-brd binary that runs at the root level. This is fixed in ER605(UN)_v2_2.2.4 Build 020240119.
Published: 2024-03-14
Score: 10.0 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Sep 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link omada Er605
Tp-link omada Er605 Firmware
CPEs cpe:2.3:h:tp-link:omada_er605:2.6:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:omada_er605_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tp-link
Tp-link omada Er605
Tp-link omada Er605 Firmware

Subscriptions

Tp-link Omada Er605 Omada Er605 Firmware
Tp Link Omada Er605
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T13:21:58.870Z

Reserved: 2024-02-06T00:00:00.000Z

Link: CVE-2024-25139

cve-icon Vulnrichment

Updated: 2024-08-01T23:36:21.785Z

cve-icon NVD

Status : Analyzed

Published: 2024-03-14T16:15:50.077

Modified: 2025-09-18T16:30:09.377

Link: CVE-2024-25139

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-12T22:31:22Z

Weaknesses