Matek Kamillo

**Name of the Vulnerable Software and Affected Versions** TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU) V5 171211 **Description** The PING function is vulnerable to remote code execution via a crafted payload in an IP address input field. This issue is related to incorrect code generation management. A remote attacker can exploit this to execute arbitrary code. A botnet known as Dark Mirai (also known as MANGA) has been using this vulnerability on the TP-Link TL-WR840N EU V5 router. **Recommendations** For TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU) V5 171211, update the firmware to a version later than TL-WR840N(EU) V5 171211 to resolve the issue. As a temporary workaround, consider restricting access to the PING function until a patch is available. Avoid using crafted payloads in IP address input fields to minimize the risk of exploitation.