CVE-2023-33537

Name of the Vulnerable Software and Affected Versions TP-Link TL-WR940N versions V2 through V4 TP-Link TL-WR841N versions V8 through V10 TP-Link TL-WR740N versions V1 through V2

Description The issue is related to a buffer overflow in the FixMapCfgRpm component (/userRpm/FixMapCfgRpm.htm) of TP-Link router software. This occurs due to the lack of size checking for input data when handling the Changed parameter. Exploitation of this issue could allow a remote attacker to gain unauthorized access to protected information or cause a denial of service by sending specially crafted requests.

Recommendations For TP-Link TL-WR940N versions V2 through V4, consider disabling access to the /userRpm/FixMapCfgRpm.htm component until a patch is available. For TP-Link TL-WR841N versions V8 through V10, restrict access to the FixMapCfgRpm component to minimize the risk of exploitation. For TP-Link TL-WR740N versions V1 through V2, avoid using the Changed parameter in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.