.png?w=1200&resize=1200,0&ssl=1&description=Crucial+TP-Hyperlink+DHCP+Vulnerability+Let+Attackers+Execute+Distant+Code){kind=link}
.png?w=1600&resize=1600,900&ssl=1 "Crucial TP-Hyperlink DHCP Vulnerability Let Attackers Execute Distant Code")
A essential safety flaw has been uncovered in sure TP-Hyperlink routers, probably permitting malicious actors to remotely compromise affected units.
The vulnerability, recognized as CVE-2024-11237, impacts TP-Hyperlink VN020 F3v(T) routers working firmware model TT_V6.2.1021, that are primarily deployed by way of Tunisie Telecom and Topnet ISPs.
Comparable variants of the router utilized in Algeria and Morocco are additionally prone to this exploit.
The vulnerability stems from a stack-based buffer overflow that may be triggered by specifically crafted DHCP DISCOVER packets.
Free Final Steady Safety Monitoring Information - Obtain Right here (PDF)
This flaw permits attackers to probably execute arbitrary code or trigger denial of service (DoS) circumstances with out requiring authentication. The assault vector makes use of UDP port 67, which is usually used for DHCP server communications.
TP-Hyperlink DHCP Vulnerability – PoC
Safety researchers have demonstrated that by manipulating the DHCP packet construction, notably the hostname choice and vendor-specific fields, they will exploit the router’s susceptible DHCP processing mechanism.
The precise inside implementation particulars stay unclear as a result of proprietary nature of the firmware, however noticed habits suggests important reminiscence corruption points.
A proof-of-concept exploit has been developed, showcasing the router’s rapid unresponsiveness, DHCP service failure, and computerized restarts following the assault. These results can result in substantial community disruptions requiring handbook intervention to resolve.
The vulnerability was initially found on October 20, 2024, with TP-Hyperlink being notified on November 3, 2024. The CVE identifier was assigned on November 15, 2024. As of now, no official patch has been launched by the producer to deal with this safety concern.
Whereas awaiting an official repair, affected customers are suggested to implement non permanent mitigation methods.
These embody disabling the DHCP server performance if not required, implementing DHCP visitors filtering on the community edge, or contemplating different router fashions the place doable.
The invention of this vulnerability highlights the continuing challenges in IoT machine safety, notably in broadly deployed consumer-grade networking gear.
TP-Hyperlink has but to remark publicly on the vulnerability or present a timeline for a safety replace. Customers of affected units are urged to remain vigilant and monitor for any official communications from the producer relating to this safety concern.
Because the scenario develops, cybersecurity consultants advocate that community directors and residential customers alike stay cautious and implement obtainable mitigation methods to guard their networks from potential exploitation of this vulnerability.
Analyze Limitless Phishing & Malware with ANY.RUN For Free - 14 Days Free Trial.