In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After heap shaping, an attacker can achieve code execution in the context of the cloud-brd binary that runs at the root level. This is fixed in ER605(UN)_v2_2.2.4 Build 020240119.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 18 Sep 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link omada Er605
Tp-link omada Er605 Firmware
CPEs cpe:2.3:h:tp-link:omada_er605:2.6:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:omada_er605_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tp-link
Tp-link omada Er605
Tp-link omada Er605 Firmware

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T13:21:58.870Z

Reserved: 2024-02-06T00:00:00

Link: CVE-2024-25139

cve-icon Vulnrichment

Updated: 2024-08-01T23:36:21.785Z

cve-icon NVD

Status : Analyzed

Published: 2024-03-14T16:15:50.077

Modified: 2025-09-18T16:30:09.377

Link: CVE-2024-25139

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-12T22:31:22Z