CVE-2021-27246

Name of the Vulnerable Software and Affected Versions: TP-Link Archer A7 AC1750 version 1.0.15

Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the handling of MAC addresses by the "tdpServer" endpoint. A crafted TCP message can write stack pointers to the stack. An attacker can leverage this issue to execute code in the context of the root user.

Recommendations: For TP-Link Archer A7 AC1750 version 1.0.15, as a temporary workaround, consider restricting access to the tdpServer endpoint until a patch is available. Avoid using crafted TCP messages that can write stack pointers to the stack. At the moment, there is no information about a newer version that contains a fix for this issue.