Stack-based Buffer Overflow in TP-Link TL-WR940N: Remote Code Execution

Stack-based Buffer Overflow in TP-Link TL-WR940N: Remote Code Execution

CVE-2019-6989 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function. By sending specially crafted ICMP echo request packets, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges.

Learn more about our Web Application Penetration Testing UK.