A newly discovered zero-day vulnerability in the CWMP implementation of TP-Link routers poses a serious security risk to thousands of users worldwide. The
"[It] affects several popular models, including the Archer AX10 and AX1500.
[…] input from external messages is used directly to calculate a buffer length […] without any boundary checks. […] A payload of 4096 bytes […] confirmed that the program counter can be overwritten. This means that complete system compromise with root privileges is achievable."
Sounds very fixable
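
As an added illustration (not TP-Link's firmware code and not taken from the quoted report), here is the bug class the quote describes, a copy length derived from message input with no boundary check, next to a checked version. The delimiter-based field format, the function names and the 64-byte `FIELD_MAX` are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>
#define FIELD_MAX 64  /* hypothetical fixed buffer size, not from the report */

/* Unchecked pattern: the copy length comes straight from the message.
 * Shown for contrast only; it writes past dst when the field is too long. */
int copy_field_unchecked(const char *msg, char open, char close, char *dst)
{
    const char *s = strchr(msg, open);
    const char *e = s ? strchr(s + 1, close) : NULL;
    if (!s || !e) return -1;
    size_t len = (size_t)(e - (s + 1));   /* sender-controlled */
    memcpy(dst, s + 1, len);              /* no check against dst capacity */
    dst[len] = '\0';
    return (int)len;
}

/* Hardened form: same parse, but the derived length is validated against
 * the destination capacity before any byte is written. */
int copy_field_checked(const char *msg, char open, char close,
                       char *dst, size_t dst_size)
{
    if (!msg || !dst || dst_size == 0) return -1;
    const char *s = strchr(msg, open);
    const char *e = s ? strchr(s + 1, close) : NULL;
    if (!s || !e) return -1;
    size_t len = (size_t)(e - (s + 1));
    if (len >= dst_size) return -2;       /* reject; leave room for the NUL */
    memcpy(dst, s + 1, len);
    dst[len] = '\0';
    return (int)len;
}

/* Constructed inputs: a short field, and a 4096-byte field matching the
 * payload size mentioned in the quote. */
int demo_short(void)
{
    char buf[FIELD_MAX];
    return copy_field_checked("name=[router]", '[', ']', buf, sizeof buf);
}

int demo_oversized(void)
{
    static char msg[4096 + 3];            /* zero-initialized, so NUL-terminated */
    char buf[FIELD_MAX];
    msg[0] = '[';
    memset(msg + 1, 'A', 4096);
    msg[4097] = ']';
    return copy_field_checked(msg, '[', ']', buf, sizeof buf);
}
```

The checked version returns the field length for the short input and `-2` for the 4096-byte field, without touching the destination buffer.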