TP-Link has been made aware of a buffer overflow vulnerability in the Point-to-Point Protocol Daemon (pppd) discovered by Ilja Van Sprundel. According to the research, the root cause is a logic flaw in pppd. An unauthenticated attacker may be able to exploit it to trigger a stack-based buffer overflow, which can lead to arbitrary code execution.
At TP-Link, customer security comes first. TP-Link is investigating and will keep updating this advisory as more information becomes available. The affected TP-Link products will be updated as soon as possible, and new firmware with a fix for this issue will be made available.
If you have concerns about your TP-Link product, please feel free to contact TP-Link Support: https://www.tp-link.com/support/.
For more information about this vulnerability, please refer to: CVE-2020-8597.
Updates:
2020-03-03 Published Advisory