A critical zero-day vulnerability has been found in several TP-Link router models, posing significant security risks. The flaw, a buffer overflow in the CPE WAN Management Protocol (CWMP), allows attackers to execute arbitrary code and redirect DNS requests to malicious servers. It was discovered by the researcher Mehrun (ByteRay) on May 11, 2024; TP-Link has acknowledged the issue and is working on firmware updates, currently available only for European versions, with other regions to follow. The vulnerability lies in the function that processes SOAP SetParameterValues messages, where improper handling of strncpy calls can lead to code execution if the input buffer exceeds 3072 bytes. Exploiting this flaw could allow attackers to redirect DNS requests, intercept or modify unencrypted traffic, and inject malicious content. Affected models include the popular Archer AX10 and Archer AX1500. TP-Link advises users to change default admin passwords, disable CWMP if it is not in use, update firmware, and isolate routers from other network segments where possible.
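The strncpy misuse the article describes is a well-known bug class: when the copy bound is taken from the attacker-controlled source length instead of the destination size, strncpy gives no protection at all. The sketch below is an added example written for this page, not TP-Link's firmware or the researcher's code; the structure, function names, VALUE_BUF_SIZE (set to the 3072-byte figure from the article) and the sample SOAP fragments are all assumptions. It shows the unsafe pattern for contrast and a hardened handler that bounds the copy by the destination and rejects oversized values outright.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical sizes and names; not TP-Link's code. VALUE_BUF_SIZE mirrors
 * the 3072-byte threshold the article gives for the overflow. */
#define VALUE_BUF_SIZE 3072

enum cwmp_status { CWMP_OK = 0, CWMP_ERR_NO_VALUE = 1, CWMP_ERR_TOO_LONG = 2 };

struct cwmp_param {
    char value[VALUE_BUF_SIZE];
    size_t value_len;
};

/* The bug class the article describes: bounding strncpy by the SOURCE length
 * makes the bound meaningless, so a value of VALUE_BUF_SIZE bytes or more
 * runs past the end of p->value. Kept for contrast only; never called here. */
static void copy_value_unsafe(struct cwmp_param *p, const char *src, size_t src_len)
{
    strncpy(p->value, src, src_len);   /* overflows when src_len >= VALUE_BUF_SIZE */
    p->value[src_len] = '\0';
    p->value_len = src_len;
}

/* Hardened form: the bound comes from the DESTINATION, and an oversized value
 * is rejected rather than silently truncated (a truncated DNS server address
 * would itself be a configuration bug). One byte is reserved for the NUL. */
static enum cwmp_status set_value_checked(struct cwmp_param *p, const char *src, size_t src_len)
{
    if (src_len >= VALUE_BUF_SIZE)
        return CWMP_ERR_TOO_LONG;
    memcpy(p->value, src, src_len);
    p->value[src_len] = '\0';
    p->value_len = src_len;
    return CWMP_OK;
}

/* Pull the text of the first <Value ...>...</Value> element out of a SOAP
 * body. Plain string scanning keeps the example short; a real handler uses an
 * XML parser and applies the same length check to every ParameterValueStruct. */
static enum cwmp_status handle_set_parameter_values(const char *soap_body, struct cwmp_param *out)
{
    const char *tag = strstr(soap_body, "<Value");
    if (!tag)
        return CWMP_ERR_NO_VALUE;
    const char *start = strchr(tag, '>');
    if (!start)
        return CWMP_ERR_NO_VALUE;
    start++;
    const char *end = strstr(start, "</Value>");
    if (!end)
        return CWMP_ERR_NO_VALUE;
    return set_value_checked(out, start, (size_t)(end - start));
}

/* Small wrappers so results can be checked without touching the struct. */
static enum cwmp_status status_of(const char *msg)
{
    struct cwmp_param p;
    return handle_set_parameter_values(msg, &p);
}

static size_t value_len_of(const char *msg)
{
    struct cwmp_param p;
    p.value_len = 0;
    return handle_set_parameter_values(msg, &p) == CWMP_OK ? p.value_len : 0;
}

/* Constructed message whose value is VALUE_BUF_SIZE + 100 bytes long; returns
 * what the hardened handler says about it. */
static enum cwmp_status status_of_oversized(void)
{
    static char msg[VALUE_BUF_SIZE + 512];
    size_t n = (size_t)snprintf(msg, sizeof msg,
        "<ParameterValueStruct><Name>Device.DNS.Client.Server.1.DNSServer</Name>"
        "<Value xsi:type=\"xsd:string\">");
    memset(msg + n, 'A', VALUE_BUF_SIZE + 100);
    n += VALUE_BUF_SIZE + 100;
    snprintf(msg + n, sizeof msg - n, "</Value></ParameterValueStruct>");
    return status_of(msg);
}

int main(void)
{
    /* Constructed sample: a benign DNS server setting (documentation address). */
    const char *ok_msg = "<ParameterValueStruct><Name>Device.DNS.Client.Server.1.DNSServer</Name>"
                         "<Value xsi:type=\"xsd:string\">192.0.2.53</Value></ParameterValueStruct>";
    (void)copy_value_unsafe;   /* referenced only so the unused contrast does not warn */
    printf("benign value: status %d, length %zu\n", status_of(ok_msg), value_len_of(ok_msg));
    printf("oversized value: status %d (2 = rejected as too long)\n", status_of_oversized());
    return 0;
}
```

The rejection status is the point: a handler that returns an error for an oversized value can also log it, and repeated SetParameterValues messages carrying multi-kilobyte values from an unexpected ACS address are exactly the kind of event worth alerting on while the firmware update is pending.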

