CVE-2024-48710
Description
In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stack overflow in TP-Link TL-WDR7660's wlanTimerRuleJsonToBin function via a long 'name' parameter leads to crash or potential RCE.
Vulnerability
The wlanTimerRuleJsonToBin function in TP-Link TL-WDR7660 firmware version 1.0 does not validate the length of the name parameter before copying it to a fixed-size stack buffer, causing a stack overflow. [1]
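An added example, not taken from TP-Link firmware or from the cited reference: the unchecked copy pattern described above beside a length-checked version. The struct, the function names and the 32-byte field size are assumptions, since this page gives neither the real code nor the buffer size.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define RULE_NAME_MAX 32            /* assumed field size, not from the page */

struct timer_rule_bin {             /* hypothetical binary rule record */
    char name[RULE_NAME_MAX];
};

/* Unchecked pattern: strcpy writes past out->name when the JSON "name"
 * value is RULE_NAME_MAX bytes or longer. Kept only for contrast. */
void rule_name_to_bin_unsafe(struct timer_rule_bin *out, const char *json_name)
{
    strcpy(out->name, json_name);
}

/* Checked version: returns 0 on success, -1 on any rejected input.
 * src_cap is the size of the buffer holding json_name, so the length scan
 * cannot run past the source. Oversized names are rejected, not truncated,
 * so two distinct long names can never collapse into the same stored rule. */
int rule_name_to_bin(struct timer_rule_bin *out, const char *json_name,
                     size_t src_cap)
{
    if (out == NULL || json_name == NULL || src_cap == 0)
        return -1;
    const char *end = memchr(json_name, '\0', src_cap);
    if (end == NULL)                          /* no terminator in source */
        return -1;
    size_t len = (size_t)(end - json_name);
    if (len == 0 || len >= sizeof out->name)  /* must leave room for NUL */
        return -1;
    memset(out->name, 0, sizeof out->name);   /* no stale bytes in record */
    memcpy(out->name, json_name, len);
    return 0;
}

int main(void)
{
    struct timer_rule_bin rule;
    const char ok[] = "weekday-off";          /* constructed sample input */
    char too_long[256];                       /* constructed oversized input */
    memset(too_long, 'A', sizeof too_long - 1);
    too_long[sizeof too_long - 1] = '\0';
    printf("ok=%d too_long=%d\n",
           rule_name_to_bin(&rule, ok, sizeof ok),
           rule_name_to_bin(&rule, too_long, sizeof too_long));
    return 0;
}
```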
Exploitation
An attacker can send a crafted HTTP POST request to the device's management interface with an excessively long name value in the time_switch JSON data, triggering the overflow. No authentication is required if the interface is exposed. [1]
Impact
Successful exploitation causes the stack to overflow, potentially crashing the device or allowing arbitrary code execution with the privileges of the process (likely root). [1]
Mitigation
No official patch has been released as of the publication date. Users should restrict network access to the management interface or upgrade to a later firmware version if available. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE)
- (no CPE), range: =1.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References: 1
News mentions
No linked articles in our index yet.