CVE-2019-15060

Name of the Vulnerable Software and Affected Versions TP-Link TL-WR840N version 0.9.1 3.16 and earlier

Description The issue concerns the traceroute function, which is vulnerable to remote code execution. This can be achieved by sending a crafted payload in an IP address input field. The vulnerability is related to insufficient input validation, allowing a remote attacker to execute arbitrary code using a specially crafted payload.

Recommendations For TP-Link TL-WR840N version 0.9.1 3.16 and earlier, consider disabling the traceroute function until a patch is available to prevent potential exploitation. Restrict access to the router's IP address input field to minimize the risk of remote code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.