vendor:
TL-WR740N Wireless Router
by:
Gjoko 'LiquidWorm' Krstic
7.5
CVSS
HIGH
Denial of Service
CWE
Product Name: TL-WR740N Wireless Router
Affected Version From: 3.17.0 Build 140520 Rel.75075n (Released: 5/20/2014)
Affected Version To: 3.16.4 Build 130205 Rel.63875n (Released: 2/5/2013)
Patch Exists: NO
Related CWE:
CPE: TL-WR740N
Platforms Tested:
2014
TP-Link TL-WR740N Wireless Router MitM httpd Denial Of Service
The TP-Link WR740N Wireless N Router network device is exposed to a denial of service vulnerability when processing a HTTP GET request. This issue occurs when the web server (httpd) fails to handle a HTTP GET request over a given default TCP port 80. Resending the value 'new' to the 'isNew' parameter in 'PingIframeRpm.htm' script to the router thru a proxy will crash its httpd service denying the legitimate users access to the admin control panel management interface. To bring back the http srv and the admin UI, a user must physically reboot the router.
Mitigation:
Not provided