A firmware vulnerability in TP-Link Archer C5 v4 routers could allow unauthorized, remote access to the device with administrative privileges. The bug (CVE-2017-7405) affects models that run firmware version 3.16.0 0.9.1 v600c.0 Build 180124 Rel28919n. The flaw can be exploited by sending through specially crafted CGI requests to the router containing a password request that is either shorter or longer than the expected string. In the first case, the password value is distorted into non-ASCII bytes, which corrupts the password file and causes a denial-of-service issue; in the latter instance, it voids the device s password requirement altogether.
Source: https://threatpost.com/tp-link-routers-cyberattackers-open-door/151254/