CVE-2019-13267

Name of the Vulnerable Software and Affected Versions TP-Link Archer C3200 version 1 TP-Link Archer C2 version 1

Description The issue is related to insufficient compartmentalization between a host network and a guest network established by the same device. An attacker can exploit this by joining and then leaving an IGMP group, causing the router to create an IGMP Membership Query packet with the Group IP and send it to both the host and guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender. This vulnerability exists due to insufficient input validation in the router's firmware, allowing a remote attacker to bypass the separation between the host and guest networks using the IGMP protocol.

Recommendations For TP-Link Archer C3200 version 1: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For TP-Link Archer C2 version 1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.