TP-Link Wireless N Router WR840N - Denial of Service (PoC)

vendor:

TL-WR840N

by:

Aniket Dinda

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: TL-WR840N

Affected Version From: TP-Link Wireless N Router WR840N

Affected Version To: TP-Link Wireless N Router WR840N

Patch Exists: NO

Related CWE: N/A

CPE: h:tp-link:tl-wr840n

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10

2018

TP-Link Wireless N Router WR840N – Denial of Service (PoC)

An attacker can cause a denial of service (DoS) condition on the TP-Link Wireless N Router WR840N by connecting to the network, opening BurpSuite, intercepting the connection, going to Quick setup, and pasting a string consisting of 2000 zeros into the Authorization: Basic field. This will cause the router to log out and the network connection to be lost, requiring a reboot of the router before it becomes available again.

Mitigation:

Reboot the router after the attack.

Source

Exploit-DB raw data:

# Exploit Title:- TP-Link Wireless N Router WR840N - Denial of Service (PoC)
# Date: 2018-08-05
# Vendor Homepage: https://www.tp-link.com/
# Hardware Link:  https://www.amazon.in/TP-LINK-TL-WR840N-300Mbps-Wireless-External/dp/B01A0G1J7Q
# Version: TP-Link Wireless N Router WR840N
# Category: Hardware
# Exploit Author:  Aniket Dinda
# Tested on: Windows 10
# Web: https://hackingvila.wordpress.com
# CVE: N/A

# Proof Of Concept:

1- First connect to this network.
2- Open BurpSuite and then start the intercept, making the necessary proxy changes to the internet browser.
3- Go to Quick setup. 
4- Now as the Burp is intercept is on, you will find an Authorization: Basic followed by a string. 
5- Now we paste a string consisting of 2000 zeros.
6- Then forward the connection.
7- Then your router automatically logout and net connection will be gone.

You have to reboot your router before it becomes available again.