Joward

**Name of the Vulnerable Software and Affected Versions** TP-Link TL-WR940N versions 3.16.9 and earlier **Description** The issue is related to a buffer overflow in the handling of the `dnsserver1` and `dnsserver2` parameters at the "/userRpm/Wan6to4TunnelCfgRpm.htm" API endpoint. This allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root user. A proof-of-concept exploit is available, demonstrating the risk of remote code execution. **Recommendations** For TP-Link TL-WR940N versions 3.16.9 and earlier, consider disabling access to the "/userRpm/Wan6to4TunnelCfgRpm.htm" API endpoint until a patch is available. Restrict the use of the `dnsserver1` and `dnsserver2` parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.