CVE-2019-13266

Name of the Vulnerable Software and Affected Versions TP-Link Archer C3200 version 1 TP-Link Archer C2 version 1

Description The issue is related to insufficient compartmentalization between a host network and a guest network established by the same device. It involves the DHCP protocol, where a DHCP Request is sent to the router with a specific Transaction ID field. The router responds with an ACK or NAK message. In the NAK case, the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows data to be encoded and sent cross-router into the 32-bit Transaction ID field. The vulnerability exists due to insufficient input validation in the router's firmware, which can be exploited by a remote attacker to bypass the separation between the host and guest networks using the DHCP protocol.

Recommendations For TP-Link Archer C3200 version 1, consider disabling the DHCP protocol temporarily until a patch is available. For TP-Link Archer C2 version 1, restrict access to the guest network to minimize the risk of exploitation. As a temporary workaround, avoid using the Transaction ID field in the DHCP Request until the issue is resolved.