InfoSecBulletin Cybersecurity for mankind
A serious security flaw has been found in some TP-Link routers, potentially enabling hackers to remotely access the affected devices.The vulnerability CVE-2024-11237 impacts TP-Link VN020 F3v(T) routers with firmware TT_V6.2.1021, mainly used by Tunisie Telecom and Topnet ISPs.
Routers similar to those used in Algeria and Morocco are vulnerable to this exploit. The vulnerability is due to a stack-based buffer overflow caused by specially crafted DHCP DISCOVER packets.
Eight New ICS Advisories released by CISA
Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI
London-based company “Builder.ai” reportedly exposed 1.2 TB data
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall
“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA
CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability
U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports
Daily Security Update Dated: 18.12.2024
CISA released best practices to secure Microsoft 365 Cloud environments
Data breach! Ireland fines Meta $264 million, Australia $50m
This flaw enables attackers to execute arbitrary code or cause denial of service (DoS) without authentication, using UDP port 67, typically used for DHCP communications.
Security researchers have shown that by altering the DHCP packet structure, especially the hostname and vendor-specific fields, they can exploit vulnerabilities in how routers process DHCP.
The internal details are unclear because the firmware is proprietary, but it appears there are serious memory corruption problems.
A proof-of-concept exploit demonstrates that the router becomes unresponsive, fails its DHCP service, and restarts automatically after an attack. These issues can cause significant network disruptions that need manual fixes.
The vulnerability was discovered on October 20, 2024, and TP-Link was informed on November 3, 2024. A CVE identifier was assigned on November 15, 2024, but no official patch has been released yet to fix the issue. Affected users should adopt temporary solutions while waiting for an official fix.
Consider disabling the DHCP server if it’s not needed, filtering DHCP traffic at the network edge, or exploring different router models. This vulnerability reveals ongoing issues with the security of IoT devices, especially in commonly used consumer networking gear.
TP-Link has not commented on the vulnerability or mentioned when a security update will be available. Affected users should stay alert for updates from the manufacturer about this issue.
Cybersecurity experts advise network administrators and home users to stay vigilant and use available strategies to protect their networks from this vulnerability.
