How severe is CVE-2024-5244?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5 out of 10.

What type of vulnerability is CVE-2024-5244?

This is classified as CWE-656, which is a common weakness in software security.

CVE-2024-5244

MEDIUM Year: 2024

CVSS v3 Score

5.0

Medium

Weakness Type

CWE-656

View all →

Vulnerability Description

TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific flaw exists within the cmxddnsd executable. The issue results from reliance on obscurity to secure network data. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22439.

CVE-2020-10277

MEDIUM

CVSS:6.4(Medium)

There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file) or privilege escalation by manually addin...

CWE-6562020

CVE-2025-41652

CRITICAL

CVSS:9.8(Critical)

The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to ...

CWE-6562025

CVE-2020-10286

CRITICAL

CVSS:9.4(Critical)

the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible file...

CWE-6562020

CVE-2020-10284

CRITICAL

CVSS:9.1(Critical)

No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1...

CWE-6562020

CVE-2024-9138

HIGH

CVSS:7.2(High)

Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an a...

CWE-6562024