Sign-up

ID

VAR-201303-0450


TITLE

TP-LINK TL-WR740N Router Denial of Service Vulnerability

Trust: 1.5

sources: CNVD: CNVD-2013-02042 // BID: 58623 // CNNVD: CNNVD-201303-457

DESCRIPTION

The TP-LINK TL-WR740N is a wireless router device. A denial of service vulnerability exists in the TP-LINK TL-WR740N router. An attacker could exploit the vulnerability to cause the affected device to crash, resulting in a denial of service. TL-WR740N 3.16.4 Build 130205 Rel.63875n is vulnerable; other versions may also be affected. The TL-WR740N is a combined wired/wireless network connection device integrated with internet-sharing router and 4-port switch. The wireless N Router is 802.11b&g compatible based on 802.11n technology and gives you 802.11n performance up to 150Mbps at an even more affordable price. Bordering on 11n and surpassing 11g speed enables high bandwidth consuming applications like video streaming to be more fluid.The TP-Link WR740N Wireless N Router network device is exposed to a remote denial of service vulnerability when processing a HTTP request. This issue occurs when the web server (httpd) fails to handle a HTTP GET request over a given default TCP port 80. Sending a sequence of three dots (...) to the router will crash its httpd service denying the legitimate users access to the admin control panel management interface. To bring back the http srv and the admin UI, a user must physically reboot the router.Tested on: Router Webserver

Trust: 0.9

sources: CNVD: CNVD-2013-02042 // BID: 58623 // ZSL: ZSL-2013-5135

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-02042

AFFECTED PRODUCTS

vendor:tp linkmodel:tl-wr740nscope:eqversion:4.23

Trust: 0.6

vendor:tplinkmodel:tp-link tl-wrscope:eqversion:firmware version: 3.16.4 build 130205 rel.63875n (released: 2/5/2013)

Trust: 0.1

vendor:tplinkmodel:tp-link tl-wrscope:eqversion:hardware version: wr740n v4 00000000 (v4.23)

Trust: 0.1

vendor:tplinkmodel:tp-link tl-wrscope:eqversion:model no. tl-wr740n / tl-wr740nd

Trust: 0.1

sources: ZSL: ZSL-2013-5135 // CNVD: CNVD-2013-02042

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2013-02042
value: MEDIUM

Trust: 0.6

ZSL: ZSL-2013-5135
value: (2/5)

Trust: 0.1

CNVD: CNVD-2013-02042
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: ZSL: ZSL-2013-5135 // CNVD: CNVD-2013-02042

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201303-457

TYPE

Design Error

Trust: 0.3

sources: BID: 58623

EXPLOIT AVAILABILITY

sources:
            
            
            ZSL: ZSL-2013-5135

EXTERNAL IDS
db:BIDid:58623
Trust: 1.6
db:CNVDid:CNVD-2013-02042
Trust: 0.6
db:CNNVDid:CNNVD-201303-457
Trust: 0.6
db:EXPLOIT-DBid:24866
Trust: 0.1
db:XFid:82995
Trust: 0.1
db:VULDBid:8076
Trust: 0.1
db:SECUNIAid:52713
Trust: 0.1
db:OSVDBid:91581
Trust: 0.1
db:PACKETSTORMid:120893
Trust: 0.1
db:CXSECURITYid:WLB-2013030181
Trust: 0.1
db:ZSLid:ZSL-2013-5135
Trust: 0.1
sources:
            
            
            ZSL: ZSL-2013-5135 // 
            
            
            
            CNVD: CNVD-2013-02042 // 
            
            
            
            BID: 58623 // 
            
            
            
            CNNVD: CNNVD-201303-457

REFERENCES
url:http://www.securityfocus.com/bid/58623
Trust: 1.3
url:http://packetstormsecurity.com/files/120893
Trust: 0.1
url:http://cxsecurity.com/issue/wlb-2013030181
Trust: 0.1
url:http://www.exploit-db.com/exploits/24866/
Trust: 0.1
url:http://1337day.com/exploit/20540
Trust: 0.1
url:http://www.osvdb.org/show/osvdb/91581
Trust: 0.1
url:http://secunia.com/advisories/52713/
Trust: 0.1
url:http://xforce.iss.net/xforce/xfdb/82995
Trust: 0.1
url:http://www.tp-link.us/support/download/?model=tl-wr740n&version=v4
Trust: 0.1
url:http://www.scip.ch/en/?vuldb.8076
Trust: 0.1
sources:
            
            
            ZSL: ZSL-2013-5135 // 
            
            
            
            CNVD: CNVD-2013-02042 // 
            
            
            
            CNNVD: CNNVD-201303-457

CREDITS
Gjoko Krstic
Trust: 0.9
sources:
            
            
            BID: 58623 // 
            
            
            
            CNNVD: CNNVD-201303-457

SOURCES
db:ZSLid:ZSL-2013-5135
db:CNVDid:CNVD-2013-02042
db:BIDid:58623
db:CNNVDid:CNNVD-201303-457

LAST UPDATE DATE
2022-10-19T22:38:17.593000+00:00

SOURCES UPDATE DATE
db:ZSLid:ZSL-2013-5135date:2013-05-27T00:00:00
db:CNVDid:CNVD-2013-02042date:2013-03-25T00:00:00
db:BIDid:58623date:2013-03-21T00:00:00
db:CNNVDid:CNNVD-201303-457date:2013-03-25T00:00:00

SOURCES RELEASE DATE
db:ZSLid:ZSL-2013-5135date:2013-03-21T00:00:00
db:CNVDid:CNVD-2013-02042date:2013-03-25T00:00:00
db:BIDid:58623date:2013-03-21T00:00:00
db:CNNVDid:CNNVD-201303-457date:2013-03-22T00:00:00