ZDI-24-503: (Pwn2Own) TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability

This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The ZDI has assigned a CVSS rating of 5.0. The following CVEs are assigned: CVE-2024-5244.


Leave a Reply

Your email address will not be published. Required fields are marked *