CVE-2023-46371

Name of the Vulnerable Software and Affected Versions TP-Link TL-WDR7660 version 2.0.30 TP-Link TL-WR886N version 2.0.12

Description The issue is related to a stack overflow vulnerability in the upgradeInfoJsonToBin function of the TP-Link device's firmware, which can be exploited by a remote attacker to execute arbitrary code. This vulnerability is associated with reading data beyond the buffer boundaries in memory.

Recommendations For TP-Link TL-WDR7660 version 2.0.30, consider disabling the upgradeInfoJsonToBin function until a patch is available. For TP-Link TL-WR886N version 2.0.12, restrict access to the upgradeInfoJsonToBin function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.