Unrated severity · NVD Advisory · Published Oct 15, 2024 · Updated Oct 16, 2024

CVE-2024-48713

Description

In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stack overflow in TP-Link TL-WDR7660 1.0 wacWhitelistJsonToBin via crafted HTTP request leads to denial of service.

Vulnerability

A stack overflow vulnerability exists in TP-Link TL-WDR7660 firmware version 1.0. The wacWhitelistJsonToBin function, reached through the /ds endpoint, does not validate the length of the name parameter in the JSON request, so an attacker can cause a buffer overflow by sending an overly long string [1].
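
The missing check described above, shown as an added example that is not code from the firmware or from the cited reference: an unchecked copy pattern next to a length-checked form that rejects the request before writing. The struct, the 32-byte field size and both function names are assumptions, since the page does not show the firmware's code.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define WL_NAME_MAX 32 /* assumed field size; the firmware's real size is not on the page */

/* Hypothetical binary record a JSON whitelist entry is converted into. */
struct wl_entry {
    char name[WL_NAME_MAX]; /* NUL-terminated */
};

/* Unchecked pattern (hypothetical): the source string alone decides how many
 * bytes are written, so a long "name" runs past the stack-resident record. */
void name_to_bin_unchecked(const char *json_name, struct wl_entry *out)
{
    strcpy(out->name, json_name);
}

/* Checked form: reject before writing instead of truncating.
 * Returns 0 on success, -1 when the name cannot fit or is malformed. */
int name_to_bin_checked(const char *json_name, size_t json_len,
                        struct wl_entry *out)
{
    if (json_name == NULL || out == NULL)
        return -1;
    if (json_len == 0 || json_len >= WL_NAME_MAX) /* keep room for the NUL */
        return -1;
    if (memchr(json_name, '\0', json_len) != NULL) /* embedded NUL */
        return -1;
    memcpy(out->name, json_name, json_len);
    out->name[json_len] = '\0';
    return 0;
}

int main(void)
{
    struct wl_entry e = {{0}};
    size_t big_len = 0x100000;   /* length quoted in the advisory text */
    char *big = malloc(big_len); /* constructed sample input */
    if (big == NULL)
        return 1;
    memset(big, 'a', big_len);
    printf("normal name: %d\n", name_to_bin_checked("guest-laptop", 12, &e));
    printf("oversized name: %d\n", name_to_bin_checked(big, big_len, &e));
    free(big);
    return 0;
}
```

Rejecting rather than truncating means an oversized request fails as an error the caller can log, and the record is left untouched.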

Exploitation

An attacker with network access to the router can exploit this vulnerability by sending a crafted HTTP POST request to the /ds endpoint with a valid session cookie. The request must include a JSON payload where the name field is set to a long string (e.g., "a" * 0x100000). No authentication beyond the session cookie is required, and the cookie can be obtained via a prior login or by capturing it [1].

Impact

Successful exploitation causes the router's server to crash, resulting in denial of service. The router becomes unresponsive, wireless connections are lost, and the administrative web interface becomes inaccessible. The attacker does not gain code execution or persistent access according to the available reference [1].

Mitigation

As of the publication date (2024-10-15), no official fix or update has been released by TP-Link for TL-WDR7660 1.0. The vulnerability remains unpatched. Users may consider restricting network access to the router's management interface or replacing the device with a newer model if available [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

1
