Two critical vulnerabilities found in TP-Link VN020-F3v(T) router's UPnP implementation affecting the WANIPConnection service. These vulnerabilities enable unauthenticated attackers to trigger denial of service and potential memory corruption via malformed SOAP requests.
The exploit triggers multiple memory corruption vectors in DHCP parsing of TP-Link VN020 F3v(T) TT_V6.2.1021 routers. It involves a stack overflow through an oversized hostname (127 bytes), parser confusion via malformed length fields, and a vendor-specific option parsing edge case. By sending a crafted DHCP DISCOVER packet, the attacker overflows the hostname buffer and corrupts length fields in DHCP options, leading to a service crash.
A critical buffer overflow and memory corruption vulnerability was found in the FTP server implementation of TP-Link VN020-F3v(T) router due to improper input validation of the USER command. Attackers can exploit this issue to manipulate payload size and trigger various failure modes, including delayed crash, immediate crash, and undefined behavior.
The TP-LINK TL-WR740N router with version 3.12.11 Build 110915 Rel.40896n is vulnerable to multiple HTML injection issues. An attacker can inject malicious HTML code into the Target Description box under Access control settings, leading to potential cross-site scripting (XSS) attacks.
The exploit allows an attacker to access sensitive files like /etc/shadow on TP-Link TL-WR740N routers with firmware version 3.12.11 Build 110915 Rel.40896n. This can lead to unauthorized access and potential compromise of the device. This vulnerability has not been assigned a CVE yet.
A buffer overflow vulnerability in TP-Link TL-WR740 router allows attackers to crash the web server by sending a specially crafted request, requiring a physical reboot to restore functionality.
The TP-LINK TL-WR740N router version 3.12.11 Build 110915 Rel.40896n is vulnerable to multiple HTML injection issues. By inserting HTML code like <h1>Hello<h1> into the Target Description box under Access control settings, an attacker can inject arbitrary HTML code into the webpage.
The exploit allows an unauthenticated user to traverse directories and access sensitive system files like /etc/shadow on TP-Link TL-WR740N version 3.12.11 Build 110915 Rel.40896n. This vulnerability could lead to unauthorized access to critical system information.
A buffer overflow vulnerability exists in TP-Link TL-WR740N router, allowing an attacker to crash the web server by sending a specially crafted request. Rebooting the router is necessary to restore the web server functionality.
A buffer overflow vulnerability exists in TP-Link TL-WR740 router, allowing attackers to crash the web server by sending a specially crafted request. Rebooting the router is required to restore the web server functionality.
Services By CQR