CVE-2024-5227

Name of the Vulnerable Software and Affected Versions TP-Link Omada ER605 (affected versions not specified)

Description This issue allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. The flaw exists within the handling of the username parameter provided to the "/usr/bin/pppd" endpoint, due to the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this to execute code in the context of root. Devices are only vulnerable if configured to use a PPTP VPN with LDAP authentication.

Recommendations As a temporary workaround, consider disabling the use of PPTP VPN with LDAP authentication until a patch is available. Restrict access to the /usr/bin/pppd endpoint to minimize the risk of exploitation. Avoid using the username parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.