CVE-2018-17017

Name of the Vulnerable Software and Affected Versions TP-Link TL-WR886N versions 6.0 2.3.4 through 7.0 1.1.0

Description An issue allows authenticated attackers to crash router services, including inetd, HTTP, DNS, and UPnP, by sending long JSON data for dhcpd udhcpd enable.

Recommendations For TP-Link TL-WR886N versions 6.0 2.3.4 through 7.0 1.1.0, consider restricting access to the dhcpd and udhcpd services until a patch is available. As a temporary workaround, limit the length of JSON data accepted by these services to prevent crashes. At the moment, there is no information about a newer version that contains a fix for this issue.