CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE
Successful exploitation of these vulnerabilities could allow an attacker to execute unauthorized code on the platform.

CWE-305 Missing Authentication for Critical Function
Missing Authentication for Critical Function may allow Authentication Bypass
Successful exploitation of these vulnerabilities could allow an attacker to execute unauthorized code on the platform

CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass
Successful exploitation of these vulnerabilities could allow an attacker to execute unauthorized code on the platform.

CWE-20 Improper Input Validation:
Improper Input Validation may allow Denial of Service. Successful exploitation of these vulnerabilities could allow an attacker to execute unauthorized code on the platform.

CWE-320: Key Management Errors:
Successful exploitation of these vulnerabilities could allow an attacker to execute unauthorized code on the platform.

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'):
Successful exploitation of these vulnerabilities could allow an attacker to execute unauthorized code on the platform.

This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service.

The specific flaw exists within the cmxddnsd executable. The issue results from reliance on obscurity to secure network data. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service.

The specific flaw exists within the handling of DNS names. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root.

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service.

The specific flaw exists within the handling of DDNS error codes. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.