Details of VAR-202306-1898

ID

VAR-202306-1898

CVE

CVE-2023-36355

TITLE

TP-Link TL-WR940N Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202306-1629

DESCRIPTION

TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request

Trust: 0.99

sources: NVD: CVE-2023-36355 // VULMON: CVE-2023-36355

AFFECTED PRODUCTS

vendor:

tp link

model:

tl-wr940n

scope:

version:

Trust: 1.0

sources: NVD: CVE-2023-36355

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2023-36355
value:	CRITICAL
Trust: 1.0
CNNVD:	CNNVD-202306-1629
value:	CRITICAL
Trust: 0.6

NVD:
baseSeverity:	CRITICAL
baseScore:	9.9
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.1
impactScore:	6.0
version:	3.1
Trust: 1.0

sources: NVD: CVE-2023-36355 // CNNVD: CNNVD-202306-1629

PROBLEMTYPE DATA

problemtype:

CWE-120

Trust: 1.0

sources: NVD: CVE-2023-36355

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202306-1629

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202306-1629

CONFIGURATIONS

sources: NVD: CVE-2023-36355

PATCH

title:

TP-Link TL-WR940N Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqbyid.tag?id=244072

Trust: 0.6

sources: CNNVD: CNNVD-202306-1629

EXTERNAL IDS

db:	NVD	id:	CVE-2023-36355	Trust: 1.7
db:	PACKETSTORM	id:	173294	Trust: 1.6
db:	EXPLOIT-DB	id:	51561	Trust: 0.6
db:	CXSECURITY	id:	WLB-2023070011	Trust: 0.6
db:	CNNVD	id:	CNNVD-202306-1629	Trust: 0.6
db:	VULMON	id:	CVE-2023-36355	Trust: 0.1

sources: VULMON: CVE-2023-36355 // NVD: CVE-2023-36355 // CNNVD: CNNVD-202306-1629

REFERENCES

url:	https://github.com/a101e-iotvul/iotvul/blob/main/tp-link/9/tp-link%20tl-wr940n%20wireless%20router%20userrpmwandynamicipv6cfgrpm%20buffer%20write%20out-of-bounds%20vulnerability.md	Trust: 1.7
url:	http://packetstormsecurity.com/files/173294/tp-link-tl-wr940n-4-buffer-overflow.html	Trust: 1.6
url:	https://cxsecurity.com/cveshow/cve-2023-36355/	Trust: 0.6
url:	https://www.exploit-db.com/exploits/51561	Trust: 0.6
url:	https://cxsecurity.com/issue/wlb-2023070011	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-36355 // NVD: CVE-2023-36355 // CNNVD: CNNVD-202306-1629

CREDITS

Amirhossein Bahramizadeh

Trust: 0.6

sources: CNNVD: CNNVD-202306-1629

SOURCES

db:	VULMON	id:	CVE-2023-36355
db:	NVD	id:	CVE-2023-36355
db:	CNNVD	id:	CNNVD-202306-1629

LAST UPDATE DATE

2023-12-18T13:59:01.933000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-36355	date:	2023-06-23T00:00:00
db:	NVD	id:	CVE-2023-36355	date:	2023-07-04T17:15:10.850
db:	CNNVD	id:	CNNVD-202306-1629	date:	2023-07-06T00:00:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-36355	date:	2023-06-22T00:00:00
db:	NVD	id:	CVE-2023-36355	date:	2023-06-22T20:15:09.733
db:	CNNVD	id:	CNNVD-202306-1629	date:	2023-06-22T00:00:00