CVE-2024-37662: n/a
TP-LINK TL-7DR5130 v1.0.23 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings in the router.
AI Analysis
Technical Summary
CVE-2024-37662 identifies a vulnerability in the TP-LINK TL-7DR5130 router firmware version 1.0.23, where the device improperly handles TCP reset (RST) packets within the same WLAN. The router maintains NAT mappings to translate internal IP addresses to external ones for outbound connections. An attacker on the same wireless network can craft and send forged TCP RST packets targeting active NAT sessions, causing the router to prematurely evict these mappings. This results in disruption of ongoing TCP connections, effectively causing denial of service (DoS) or enabling hijacking of traffic by manipulating session states. The vulnerability stems from insufficient validation of TCP RST packets, classified under CWE-940 (Improper Control of Generation of Code). Exploitation requires the attacker to have local network access (adjacent network attack vector), low attack complexity, and some user interaction, such as inducing the victim to initiate connections. The CVSS v3.1 base score is 6.3, reflecting medium severity with partial impact on confidentiality and integrity, and high impact on availability. No patches or known exploits are currently reported, but the flaw presents a significant risk in environments where multiple users share WLAN access and rely on this router model for network connectivity.
Potential Impact
The vulnerability allows attackers on the same wireless network to disrupt or hijack TCP connections by evicting NAT mappings, leading to denial of service or interception of sensitive data. This compromises the availability and integrity of network communications for affected users. Organizations relying on TP-LINK TL-7DR5130 routers in shared WLAN environments, such as small offices, public Wi-Fi hotspots, or residential networks, face increased risk of session disruption and potential data interception. The attack could degrade user experience, interrupt critical business applications, and expose confidential information if hijacked sessions carry sensitive data. Although exploitation requires local network access, the ease of sending forged TCP RST packets makes this a practical threat in environments with weak WLAN access controls. The absence of patches increases exposure duration, and the vulnerability could be leveraged in targeted attacks against organizations with strategic interests or high-value communications.
Mitigation Recommendations
To mitigate this vulnerability, organizations should implement strict WLAN access controls to limit attacker presence on the same network segment, including strong WPA3 encryption and client isolation features. Network segmentation should separate critical devices from general user access to reduce attack surface. Monitoring network traffic for abnormal volumes of TCP RST packets can help detect exploitation attempts. Administrators should regularly check for firmware updates from TP-LINK and apply patches promptly once released. Employing intrusion detection/prevention systems (IDS/IPS) capable of identifying forged TCP RST packets can provide additional defense. Encouraging users to avoid connecting to untrusted WLANs and using VPNs can reduce exposure. In the interim, consider replacing vulnerable devices with models that do not exhibit this flaw or have confirmed patches.
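The RST monitoring suggested above, as an added example (not part of the original advisory or of any TP-LINK tooling): a sliding-window counter over constructed LAN-side capture lines that reports senders producing bursts of TCP RSTs. The line format, addresses, window and threshold values, and the MAC/IP mismatch heuristic are assumptions made for this illustration.

```python
import re
from collections import defaultdict, deque

# Constructed LAN-side capture lines: "<epoch> <src MAC> <src ip:port> > <dst ip:port> [flags]".
# The line format and every address here are made up for this example.
SAMPLE = "\n".join(
    ["100.00 aa:aa:aa:00:00:01 192.168.0.10:50000 > 203.0.113.5:443 [S]",
     "101.00 aa:aa:aa:00:00:01 192.168.0.10:50000 > 203.0.113.5:443 [R]"]
    + [f"{102 + i * 0.2:.2f} bb:bb:bb:00:00:02 192.168.0.10:{50001 + i} > 203.0.113.5:443 [R]"
       for i in range(8)]
    + ["120.00 aa:aa:aa:00:00:01 192.168.0.10:50020 > 203.0.113.5:443 [R.]"]
)

LINE = re.compile(r"(\d+\.\d+) ([0-9a-f:]{17}) ([\d.]+):\d+ > \S+ \[([A-Z.]+)\]")

def analyze_rsts(text, window=5.0, threshold=5):
    """Return (bursts, mismatches).

    bursts: {mac: peak RST count} for senders with >= threshold RSTs in any `window` seconds.
    mismatches: {mac: count} of RSTs whose source IP was first seen from another MAC
    (a heuristic assumed here, not taken from the advisory).
    """
    recent = defaultdict(deque)   # mac -> timestamps of that sender's recent RSTs
    ip_owner = {}                 # source IP -> first MAC observed using it
    bursts, mismatches = {}, defaultdict(int)
    for line in text.splitlines():
        m = LINE.fullmatch(line.strip())
        if not m:
            continue              # skip lines that do not match the assumed format
        ts, mac, ip, flags = float(m[1]), m[2], m[3], m[4]
        owner = ip_owner.setdefault(ip, mac)
        if "R" not in flags:
            continue
        if owner != mac:
            mismatches[mac] += 1
        q = recent[mac]
        q.append(ts)
        while ts - q[0] > window:  # drop RSTs that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            bursts[mac] = max(bursts.get(mac, 0), len(q))
    return bursts, dict(mismatches)
```

A single RST from a client is normal connection teardown; the signal here is one sender resetting many flows in a short span, especially for an IP it did not previously use.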
Affected Countries
United States, China, India, Brazil, Germany, United Kingdom, France, Russia, South Africa, Australia
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-06-10T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6c6ab7ef31ef0b563d7a
Added to database: 2/25/2026, 9:40:58 PM
Last enriched: 2/26/2026, 5:17:40 AM
Last updated: 4/12/2026, 1:56:27 PM