CVE-2021-44864

Name of the Vulnerable Software and Affected Versions TP-Link WR886N version 3.0 1.0.1 Build 150127 Rel.34123n

Description The issue allows authenticated attackers to crash the router's httpd services by sending a request to the "/userRpm/PingIframeRpm.htm" API endpoint with a parameter containing redundant '&' characters, potentially causing a buffer overflow.

Recommendations For TP-Link WR886N version 3.0 1.0.1 Build 150127 Rel.34123n, consider restricting access to the "/userRpm/PingIframeRpm.htm" API endpoint to prevent potential exploitation. Avoid using parameters with redundant '&' characters in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.