Summary: Security researcher Joward has identified a critical buffer overflow vulnerability, CVE-2024-54887, in TP-Link TL-WR940N routers, which could allow attackers to execute arbitrary code. The vulnerability arises from improper validation of DNS server configuration parameters, specifically dnsserver1 and dnsserver2. Joward’s Proof of Concept (PoC) exploit demonstrates the potential for remote code execution using sophisticated techniques like Return Oriented Programming (ROP).
Threat Actor: Unknown
Victim: TP-Link
Key points:
- Vulnerability CVE-2024-54887 affects hardware versions 3 and 4 of the TL-WR940N router.
- The flaw allows for arbitrary code execution due to lack of string length validation in the web interface.
- Joward’s PoC utilizes ROP techniques and custom shellcode to exploit the vulnerability effectively.
- TP-Link has confirmed that affected hardware is no longer supported with security updates.
- Users are advised to upgrade to newer devices for continued protection against such vulnerabilities.
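
The missing check described above (no length validation on `dnsserver1` and `dnsserver2`) can be illustrated from the defensive side. The following is an added example, not code from the router firmware or from the researcher's PoC; the struct, function names and the 16-byte field size are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <arpa/inet.h>

/* Assumed field size: "255.255.255.255" plus the terminating NUL. */
#define DNS_FIELD_MAX 16

/* Hypothetical settings record; not the firmware's actual layout. */
struct dns_config {
    char dnsserver1[DNS_FIELD_MAX];
    char dnsserver2[DNS_FIELD_MAX];
};

/* Copy one request parameter into a fixed-size field only if it is a
 * bounded, well-formed IPv4 literal. Returns 0 on success, -1 if rejected. */
static int set_dns_field(char dst[DNS_FIELD_MAX], const char *value)
{
    struct in_addr addr;
    const char *end;
    size_t len;

    if (value == NULL)
        return -1;
    /* Bounded scan: look for the terminator within the field size only. */
    end = memchr(value, '\0', DNS_FIELD_MAX);
    if (end == NULL || end == value)
        return -1;                      /* too long, or empty */
    len = (size_t)(end - value);
    /* Semantic check: accept only dotted-decimal a.b.c.d. */
    if (inet_pton(AF_INET, value, &addr) != 1)
        return -1;
    memcpy(dst, value, len + 1);        /* len + 1 <= DNS_FIELD_MAX */
    return 0;
}

/* Validate both parameters into a scratch copy and commit only if both
 * pass, so a rejected request leaves the stored configuration untouched.
 * Assumption for this example: both servers are required. */
int apply_dns_params(struct dns_config *cfg, const char *dns1, const char *dns2)
{
    struct dns_config tmp;

    memset(&tmp, 0, sizeof tmp);
    if (set_dns_field(tmp.dnsserver1, dns1) != 0)
        return -1;
    if (set_dns_field(tmp.dnsserver2, dns2) != 0)
        return -1;
    *cfg = tmp;
    return 0;
}
```

The length check runs before any copy, and the format check rejects input that fits the buffer but is not an IPv4 address.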