CVE-2024-42815

Name of the Vulnerable Software and Affected Versions TP-Link RE365 version V1 180213

Description The issue is related to a buffer overflow vulnerability due to the lack of length verification for the USER AGENT field in /usr/bin/httpd. This vulnerability can be exploited by attackers to cause the remote target device to crash or execute arbitrary commands. The vulnerability is related to the USER AGENT field, which can be exploited by sending specially crafted network packets.

Recommendations As a temporary workaround, consider disabling the httpd service or restricting access to the /usr/bin/httpd endpoint until a patch is available. Update the firmware to the latest version to secure the network. Restrict access to the vulnerable USER AGENT field to minimize the risk of exploitation.