PT-2024-4791 · Tp Link · Tp-Link Tl-7Dr5130

Ke Xu +4 · Published 2024-06-10 · Updated 2024-10-25 · CVE-2024-37661

CVSS v2.0: 6.7 (Medium)
Vector: AV:A/AC:L/Au:S/C:P/I:P/A:C
Name of the Vulnerable Software and Affected Versions: TP-LINK TL-7DR5130 version 1.0.23
Description: The issue is related to the mechanism of transmitting routing information to hosts via ICMP Redirect in the TP-LINK TL-7DR5130 wireless router's firmware. It is associated with insufficient verification of the communication channel source. An attacker in the same WLAN as the victim can exploit this by sending specially crafted ICMP messages to hijack the traffic between the victim and any remote server.
Recommendations: For TP-LINK TL-7DR5130 version 1.0.23, consider restricting access to the network to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the handling of ICMP redirect messages could help mitigate the issue. However, specific steps for this action are not provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: Origin Validation Error

Related Identifiers: BDU:2024-05315, CVE-2024-37661

Affected Products: Tp-Link Tl-7Dr5130