ID

VAR-202406-1806


CVE

CVE-2024-37661


TITLE

TP-Link TL-7DR5130 Security Bypass Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-29651

DESCRIPTION

TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages. TP-Link TL-7DR5130 is a wireless router from China's TP-LINK company

Trust: 1.44

sources: NVD: CVE-2024-37661 // CNVD: CNVD-2024-29651

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-29651

AFFECTED PRODUCTS

vendor:tp linkmodel:tl-7dr5130scope:eqversion:1.0.23

Trust: 0.6

sources: CNVD: CNVD-2024-29651

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-37661
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2024-29651
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-29651
severity: MEDIUM
baseScore: 6.7
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-37661
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 1.5
impactScore: 4.7
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-29651 // NVD: CVE-2024-37661

EXTERNAL IDS

db:NVDid:CVE-2024-37661

Trust: 1.6

db:CNVDid:CNVD-2024-29651

Trust: 0.6

sources: CNVD: CNVD-2024-29651 // NVD: CVE-2024-37661

REFERENCES

url:https://github.com/ouuan/router-vuln-report/blob/master/icmp-redirect/tl-7dr5130-redirect.md

Trust: 1.6

sources: CNVD: CNVD-2024-29651 // NVD: CVE-2024-37661

SOURCES

db:CNVDid:CNVD-2024-29651
db:NVDid:CVE-2024-37661

LAST UPDATE DATE

2024-10-26T23:30:49.583000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-29651date:2024-06-28T00:00:00
db:NVDid:CVE-2024-37661date:2024-10-25T19:35:07.220

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-29651date:2024-06-28T00:00:00
db:NVDid:CVE-2024-37661date:2024-06-17T18:15:17.463