CVE-2023-39747

Name of the Vulnerable Software and Affected Versions TP-Link TL-WR940N version V2 TP-Link TL-WR941ND version V5 TP-Link WR841N version V8

Description The issue is related to buffer overflow errors in the /userRpm/WlanSecurityRpm component of TP-Link router microprogram software. Exploitation of this issue may allow a remote attacker to execute arbitrary code or cause a denial of service. The vulnerability can be exploited via the radiusSecret parameter at the "/userRpm/WlanSecurityRpm" API endpoint.

Recommendations For TP-Link TL-WR940N version V2, update to a version that fixes the buffer overflow issue in the /userRpm/WlanSecurityRpm component. For TP-Link TL-WR941ND version V5, update to a version that fixes the buffer overflow issue in the /userRpm/WlanSecurityRpm component. For TP-Link WR841N version V8, update to a version that fixes the buffer overflow issue in the /userRpm/WlanSecurityRpm component. As a temporary workaround, consider restricting access to the "/userRpm/WlanSecurityRpm" API endpoint and avoiding the use of the radiusSecret parameter until a patch is available.