The vulnerability was discovered and researched by Andres Lopez Luksenberg from Core Security Exploit Team. Vulnerabilities were found in the implementation of this protocol, that could lead to remote code execution and information leak (credentials acquisition) If the message handler accepts the “Get configuration” message type, this will result in the program leaking the web interface configuration file, which includes the web login credentials. Other devices might be affected, but they were not tested, and no workarounds are available for this device.”]
Source: https://www.coresecurity.com/core-labs/advisories/tp-link-tddp-multiple-vulnerabilities