CVE-2023-46522
Description
TP-LINK device TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 were discovered to contain a stack overflow via the function deviceInfoRegister.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stack overflow in deviceInfoRegister function in TP-LINK TL-WR886N and TL-WDR7660 routers allows remote code execution.
Vulnerability
A stack overflow vulnerability exists in the deviceInfoRegister function of the web interface in TP-LINK TL-WR886N V7.0 (firmware version 3.0.14_Build_221115_Rel.56908n.bin) and TL-WDR7660 (firmware version 2.0.30). The flaw is triggered when processing a specially crafted HTTP request, overwhelming the stack buffer without proper bounds checking.
Exploitation
An attacker with network access to the affected router can send a maliciously crafted request to the deviceInfoRegister endpoint. The proof-of-concept code is publicly available [1], demonstrating the exact payload required to overwrite the stack and hijack execution flow.
Impact
Successful exploitation yields arbitrary code execution with root privileges, giving the attacker full control over the device. This includes the ability to modify network traffic, exfiltrate data, and pivot to internal networks.
Mitigation
As of the publication date (2023-10-25), no official firmware update has been released to address this vulnerability. Users are advised to restrict remote administration to trusted networks and monitor official TP-LINK security advisories. The affected devices may be approaching or past end-of-life, making a patch unlikely.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- TP-LINK/TL-WR886Ndescription
- Range: = 2.0.30
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.