CVE-2023-46527
Description
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 was discovered to contain a stack overflow via the function bindRequestHandle.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stack overflow in TP-LINK TL-WR886N V7.0 and TL-WDR7660 2.0.30 via the bindRequestHandle function can lead to remote code execution.
Vulnerability
A stack overflow vulnerability exists in TP-LINK TL-WR886N V7.0 (firmware version 3.0.14_Build_221115_Rel.56908n.bin) and TP-LINK TL-WDR7660 (version 2.0.30). The flaw resides in the bindRequestHandle function, which does not properly validate input length, allowing an attacker to trigger a stack-based buffer overflow [1].
Exploitation
An attacker with network access to the affected device and the ability to send crafted packets to the vulnerable function can exploit this issue. The attack does not require authentication. By sending a specially crafted request to the bindRequestHandle function, the attacker can overflow the stack and overwrite critical data [1].
Impact
Successful exploitation can lead to arbitrary code execution with root privileges, resulting in complete compromise of the device's confidentiality, integrity, and availability. The attacker can gain full control over the router [1].
Mitigation
As of the publication date (2023-10-25), no official patch has been released by TP-LINK. Users should monitor vendor advisories for firmware updates. No workarounds are documented [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- TP-LINK/TL-WR886Ndescription
- Range: 2.0.30
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.