ID

VAR-202406-1806


CVE

CVE-2024-37661


TITLE

Same-origin policy violation vulnerability in TP-LINK Technologies TL-7DR5130 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-024851

DESCRIPTION

TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages. The TP-LINK Technologies TL-7DR5130 firmware contains a vulnerability related to violation of the same-origin policy. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TP-Link TL-7DR5130 is a wireless router from China's TP-LINK company.

Trust: 2.16

sources: NVD: CVE-2024-37661 // JVNDB: JVNDB-2024-024851 // CNVD: CNVD-2024-29651

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-29651

AFFECTED PRODUCTS

vendor: tp link, model: tl-7dr5130, scope: eq, version: 1.0.23

Trust: 1.6

vendor: tp link, model: tl-7dr5130, scope: -, version: -

Trust: 0.8

vendor: tp link, model: tl-7dr5130, scope: eq, version: -

Trust: 0.8

vendor: tp link, model: tl-7dr5130, scope: eq, version: tl-7dr5130 firmware 1.0.23

Trust: 0.8

sources: CNVD: CNVD-2024-29651 // JVNDB: JVNDB-2024-024851 // NVD: CVE-2024-37661

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-37661
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2024-024851
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-29651
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-29651
severity: MEDIUM
baseScore: 6.7
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-37661
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 1.5
impactScore: 4.7
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-024851
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-29651 // JVNDB: JVNDB-2024-024851 // NVD: CVE-2024-37661

PROBLEMTYPE DATA

problemtype: CWE-346

Trust: 1.0

problemtype: Same-origin policy violation (CWE-346) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-024851 // NVD: CVE-2024-37661

EXTERNAL IDS

db: NVD, id: CVE-2024-37661

Trust: 3.2

db: JVNDB, id: JVNDB-2024-024851

Trust: 0.8

db: CNVD, id: CNVD-2024-29651

Trust: 0.6

sources: CNVD: CNVD-2024-29651 // JVNDB: JVNDB-2024-024851 // NVD: CVE-2024-37661

REFERENCES

url: https://github.com/ouuan/router-vuln-report/blob/master/icmp-redirect/tl-7dr5130-redirect.md

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2024-37661

Trust: 0.8

sources: CNVD: CNVD-2024-29651 // JVNDB: JVNDB-2024-024851 // NVD: CVE-2024-37661

SOURCES

db: CNVD, id: CNVD-2024-29651
db: JVNDB, id: JVNDB-2024-024851
db: NVD, id: CVE-2024-37661

LAST UPDATE DATE

2025-06-12T02:15:15.912000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-29651, date: 2024-06-28T00:00:00
db: JVNDB, id: JVNDB-2024-024851, date: 2025-06-10T01:36:00
db: NVD, id: CVE-2024-37661, date: 2025-06-06T17:09:35.177

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-29651, date: 2024-06-28T00:00:00
db: JVNDB, id: JVNDB-2024-024851, date: 2025-06-10T00:00:00
db: NVD, id: CVE-2024-37661, date: 2024-06-17T18:15:17.463