Details of VAR-201412-0139

ID

VAR-201412-0139

CVE

CVE-2014-9350

TITLE

TP-Link TL-WR740N 'PingIframeRpm.htm' Denial of Service Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2014-08509 // BID: 71255

DESCRIPTION

TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a "new" value in the isNew parameter to PingIframeRpm.htm. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. http://cwe.mitre.org/data/definitions/19.htmlService disruption by a third party (httpd crash ) There is a possibility of being put into a state. The TP-LINK TL-WR740N is a wireless router device. TP-Link TL-WR740N is prone to a denial-of-service vulnerability. The TL-WR740N is a combined wired/wireless network connection device integrated with internet-sharing router and 4-port switch. The wireless N Router is 802.11b&g compatible based on 802.11n technology and gives you 802.11n performance up to 150Mbps at an even more affordable price. Bordering on 11n and surpassing 11g speed enables high bandwidth consuming applications like video streaming to be more fluid.The TP-Link WR740N Wireless N Router network device is exposed to adenial of service vulnerability when processing a HTTP GET request. Thisissue occurs when the web server (httpd) fails to handle a HTTP GET requestover a given default TCP port 80. Resending the value 'new' to the 'isNew'parameter in 'PingIframeRpm.htm' script to the router thru a proxy willcrash its httpd service denying the legitimate users access to the admincontrol panel management interface. To bring back the http srv and theadmin UI, a user must physically reboot the router.Tested on: Router Webserver. A security vulnerability exists in the PingIframeRpm.htm script of TP-LINK TL-WR740N. The following versions are affected: TP-LINK TL-WR740N version 4 using firmware versions 3.17.0 Build 140520, 3.16.6 Build 130529 and 3.16.4 Build 130205

Trust: 2.88

sources: NVD: CVE-2014-9350 // JVNDB: JVNDB-2014-005843 // CNVD: CNVD-2014-08509 // BID: 77725 // BID: 71255 // ZSL: ZSL-2014-5210 // VULHUB: VHN-77295

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-08509

AFFECTED PRODUCTS

vendor:	tp link	model:	tl-wr740n	scope:	eq	version:	4	Trust: 2.1
vendor:	tp link	model:	tl-wr740n	scope:	eq	version:	3.17.0	Trust: 1.6
vendor:	tp link	model:	tl-wr740n	scope:	eq	version:	3.16.4	Trust: 1.6
vendor:	tp link	model:	tl-wr740n	scope:	eq	version:	3.16.6	Trust: 1.6
vendor:	tp link	model:	tl-wr740n	scope:	eq	version:	3.16.4 build 130205	Trust: 0.8
vendor:	tp link	model:	tl-wr740n	scope:	eq	version:	3.16.6 build 130529	Trust: 0.8
vendor:	tp link	model:	tl-wr740n	scope:	eq	version:	3.17.0 build 140520	Trust: 0.8
vendor:	tp link	model:	tl-wr740n	scope:	-	version:	-	Trust: 0.6
vendor:	tp link	model:	tl-wr740n	scope:	eq	version:	3.17.0140520	Trust: 0.3
vendor:	tp link	model:	tl-wr740n	scope:	eq	version:	3.16.6130529	Trust: 0.3
vendor:	tp link	model:	tl-wr740n	scope:	eq	version:	3.16.4130205	Trust: 0.3
vendor:	tp link	model:	tl-wr740n	scope:	eq	version:	4.23	Trust: 0.3
vendor:	tp link	model:	tl-wr740n build	scope:	eq	version:	3.17.0140520	Trust: 0.3
vendor:	tp link	model:	tl-wr740n build	scope:	eq	version:	3.16.6130529	Trust: 0.3
vendor:	tp link	model:	tl-wr740n build	scope:	eq	version:	3.16.4130205	Trust: 0.3
vendor:	tplink	model:	tp-link tl-wr	scope:	eq	version:	firmware version: 3.17.0 build 140520 rel.75075n (released: 5/20/2014)	Trust: 0.1
vendor:	tplink	model:	tp-link tl-wr	scope:	eq	version:	firmware version: 3.16.6 build 130529 rel.47286n (released: 5/29/2013)	Trust: 0.1
vendor:	tplink	model:	tp-link tl-wr	scope:	eq	version:	firmware version: 3.16.4 build 130205 rel.63875n (released: 2/5/2013)	Trust: 0.1
vendor:	tplink	model:	tp-link tl-wr	scope:	eq	version:	hardware version: wr740n v4 00000000 (v4.23)	Trust: 0.1
vendor:	tplink	model:	tp-link tl-wr	scope:	eq	version:	model no. tl-wr740n / tl-wr740nd	Trust: 0.1

sources: ZSL: ZSL-2014-5210 // CNVD: CNVD-2014-08509 // BID: 77725 // BID: 71255 // JVNDB: JVNDB-2014-005843 // CNNVD: CNNVD-201411-466 // NVD: CVE-2014-9350

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-9350
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-9350
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-08509
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201411-466
value:	MEDIUM
Trust: 0.6
ZSL:	ZSL-2014-5210
value:	(2/5)
Trust: 0.1
VULHUB:	VHN-77295
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-9350
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-08509
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-77295
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: ZSL: ZSL-2014-5210 // CNVD: CNVD-2014-08509 // VULHUB: VHN-77295 // JVNDB: JVNDB-2014-005843 // CNNVD: CNNVD-201411-466 // NVD: CVE-2014-9350

PROBLEMTYPE DATA

problemtype:	CWE-19	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-77295 // JVNDB: JVNDB-2014-005843 // NVD: CVE-2014-9350

THREAT TYPE

network

Trust: 0.6

sources: BID: 77725 // BID: 71255

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201411-466

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005843

EXPLOIT AVAILABILITY

sources: ZSL: ZSL-2014-5210 // VULHUB: VHN-77295

PATCH

title:

TL-WR740N

url:

http://www.tplink.com/au/products/details/?model=TL-WR740N

Trust: 0.8

sources: JVNDB: JVNDB-2014-005843

EXTERNAL IDS

db:	NVD	id:	CVE-2014-9350	Trust: 3.5
db:	ZSL	id:	ZSL-2014-5210	Trust: 3.2
db:	EXPLOIT-DB	id:	35345	Trust: 1.8
db:	PACKETSTORM	id:	129227	Trust: 1.8
db:	OSVDB	id:	115017	Trust: 1.8
db:	BID	id:	71255	Trust: 1.6
db:	XF	id:	98927	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-005843	Trust: 0.8
db:	CNNVD	id:	CNNVD-201411-466	Trust: 0.7
db:	CNVD	id:	CNVD-2014-08509	Trust: 0.6
db:	BID	id:	77725	Trust: 0.4
db:	CXSECURITY	id:	WLB-2014110153	Trust: 0.1
db:	VULHUB	id:	VHN-77295	Trust: 0.1

sources: ZSL: ZSL-2014-5210 // CNVD: CNVD-2014-08509 // VULHUB: VHN-77295 // BID: 77725 // BID: 71255 // JVNDB: JVNDB-2014-005843 // CNNVD: CNNVD-201411-466 // NVD: CVE-2014-9350

REFERENCES

url:	http://www.zeroscience.mk/en/vulnerabilities/zsl-2014-5210.php	Trust: 3.1
url:	http://www.exploit-db.com/exploits/35345	Trust: 1.7
url:	http://packetstormsecurity.com/files/129227/tp-link-tl-wr740n-denial-of-service.html	Trust: 1.7
url:	http://www.osvdb.org/115017	Trust: 1.7
url:	http://www.securityfocus.com/bid/71255	Trust: 1.3
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/98927	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/98927	Trust: 1.0
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9350	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9350	Trust: 0.8
url:	http://www.tp-link.com/en/	Trust: 0.3
url:	http://cxsecurity.com/issue/wlb-2014110153	Trust: 0.1
url:	http://www.exploit-db.com/exploits/35345/	Trust: 0.1
url:	http://packetstormsecurity.com/files/129227	Trust: 0.1
url:	http://osvdb.org/show/osvdb/115017	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9350	Trust: 0.1

CREDITS

Gjoko Krstic

Trust: 0.9

sources: BID: 71255 // CNNVD: CNNVD-201411-466

SOURCES

db:	ZSL	id:	ZSL-2014-5210
db:	CNVD	id:	CNVD-2014-08509
db:	VULHUB	id:	VHN-77295
db:	BID	id:	77725
db:	BID	id:	71255
db:	JVNDB	id:	JVNDB-2014-005843
db:	CNNVD	id:	CNNVD-201411-466
db:	NVD	id:	CVE-2014-9350

LAST UPDATE DATE

2025-04-13T23:41:26.461000+00:00

SOURCES UPDATE DATE

db:	ZSL	id:	ZSL-2014-5210	date:	2014-12-09T00:00:00
db:	CNVD	id:	CNVD-2014-08509	date:	2014-11-26T00:00:00
db:	VULHUB	id:	VHN-77295	date:	2017-09-08T00:00:00
db:	BID	id:	77725	date:	2014-12-08T00:00:00
db:	BID	id:	71255	date:	2014-11-22T00:00:00
db:	JVNDB	id:	JVNDB-2014-005843	date:	2014-12-25T00:00:00
db:	CNNVD	id:	CNNVD-201411-466	date:	2015-04-30T00:00:00
db:	NVD	id:	CVE-2014-9350	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	ZSL	id:	ZSL-2014-5210	date:	2014-11-22T00:00:00
db:	CNVD	id:	CNVD-2014-08509	date:	2014-11-26T00:00:00
db:	VULHUB	id:	VHN-77295	date:	2014-12-08T00:00:00
db:	BID	id:	77725	date:	2014-12-08T00:00:00
db:	BID	id:	71255	date:	2014-11-22T00:00:00
db:	JVNDB	id:	JVNDB-2014-005843	date:	2014-12-10T00:00:00
db:	CNNVD	id:	CNNVD-201411-466	date:	2014-11-25T00:00:00
db:	NVD	id:	CVE-2014-9350	date:	2014-12-08T16:59:22.370