Description
In the TP-Link RE365 V1_180213, there is a buffer overflow vulnerability due to the lack of length verification for the USER_AGENT field in /usr/bin/httpd. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.
References (2)
Core 2
Core References
Exploit, Third Party Advisory
https://gist.github.com/XiaoCurry/14d46e0becd79d9bb9907f2fbe147cfe
Permissions Required, Third Party Advisory
https://securityonline.info/cve-2024-42815-cvss-9-8-buffer-overflow-flaw-in-tp-link-routers-opens-door-to-rce/
Scores
CVSS v3
9.8
EPSS
0.0040
EPSS Percentile
60.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-787
Status
published
Products (1)
tp-link/re365_firmware
180213
Published
Aug 19, 2024
Tracked Since
Feb 18, 2026