PT-2022-2170 · Tp Link · Tp-Link Tl-Wr840N

Published 2022-02-14 · Updated 2022-03-09 · CVE-2022-25062

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR840N(ES) version V6.20 180709

Description: The issue is an integer overflow in the dm_checkString() function of the libcmm.so module in the TP-Link TL-WR840N(ES) router's firmware. It can be triggered by sending a specially crafted HTTP request, potentially allowing an attacker to cause a Denial of Service (DoS).

Recommendations: For TP-Link TL-WR840N(ES) version V6.20 180709, consider disabling the dm_checkString() function as a temporary workaround until a patch is available. Restrict access to the vulnerable module libcmm.so to minimize the risk of exploitation. Avoid using the vulnerable function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Integer Overflow

Weakness Enumeration

Related Identifiers

BDU:2022-02181
CVE-2022-25062

Affected Products

Tp-Link Tl-Wr840N