Main Vulnerability Database SB2017062202

SB2017062202 - Remote code execution in TP-Link PTWR841N V8

Published: June 22, 2017

Security Bulletin ID SB2017062202

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Stack-based buffer overflow (CVE-ID: CVE-2017-9466)

The vulnerability allows a remote attacker to execute arbitrary code on the target device.

The weakness exists due to a logic flaw in a configuration service. A remote attacker can circumvent access controls, reset the router’s credentials, trigger stack-based buffer overflow and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability results in system compromise.

Remediation

Install update from vendor's website.

References

https://threatpost.com/tp-link-fixes-code-execution-vulnerability-in-end-of-life-routers/126416/
http://blog.senr.io/blog/cve-2017-9466-why-is-my-router-blinking-morse-code#Conclusion