Omri Ben-Bassat

**Name of the Vulnerable Software and Affected Versions** TP-Link Omada er605 versions 1.0.1 through 2.2.3 **Description** The issue is caused by an integer overflow in the cloud-brd binary, leading to a heap-based buffer overflow. After heap shaping, an attacker can achieve code execution in the context of the cloud-brd binary that runs at the root level. **Recommendations** For versions 1.0.1 through 2.2.3, update to ER605(UN) v2 2.2.4 Build 020240119 to resolve the issue. As a temporary workaround, consider restricting access to the cloud-brd binary to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache Nuttx versions prior to 10.1.0 **Description** The issue is related to an integer wrap-around in the `malloc`, `realloc`, and `memalign` functions, leading to improper memory assignment. This can result in arbitrary memory allocation, causing unexpected behavior such as a crash or remote code injection/execution. The vulnerability can be exploited by a remote attacker to cause a denial of service or execute arbitrary code. **Recommendations** For Apache Nuttx versions prior to 10.1.0, update to version 10.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected functions `malloc`, `realloc`, and `memalign` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Redis versions 4.0 through 6.1 Redis versions prior to 5.0.11 Redis versions prior to 6.0.11 Redis version 6.2 **Description** The issue is related to an integer overflow bug in 32-bit Redis versions 4.0 or newer, which could be exploited to corrupt the heap and potentially result in remote code execution. By default, authenticated Redis users have access to all configuration parameters and can change the safe default, making the system vulnerable. This problem only affects 32-bit Redis. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For Redis versions 4.0 through 6.1, update to version 6.2 or newer. For Redis versions prior to 5.0.11, update to version 5.0.11 or newer. For Redis versions prior to 6.0.11, update to version 6.0.11 or newer. As a temporary workaround, consider preventing clients from directly executing `CONFIG SET` by using ACL configuration to block the command in Redis 6.0 or newer, or by using the `rename-command` configuration directive to rename the command to a random string unknown to users in older versions.