CVE-2023-36355
published 2023-06-22CVE-2023-36355: TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. This vulnerability allows…
PriorityP270critical9.9CVSS 3.1
AVNACLPRLUINSCCHIHAH
EXPLOIT
EPSS
31.73%
98.1th percentile
TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
Detection & IOCsextracted from sources · hover to see the quote
- →Alert on HTTP GET requests to /userRpm/WanDynamicIpV6CfgRpm containing an abnormally long ipStart parameter value (e.g., >1000 characters), indicative of a buffer overflow attempt against TP-Link TL-WR940N V4. ↗
- →Monitor for repeated or large GET requests targeting the path /userRpm/WanDynamicIpV6CfgRpm on TP-Link router management interfaces, particularly from external or untrusted network segments. ↗
- →Detect GET requests where the ipStart query parameter contains a long repetitive character sequence (e.g., 5000 'A' characters), which is the proof-of-concept trigger for this DoS buffer overflow. ↗
- ·The exploit targets TP-Link TL-WR940N V4 specifically; other hardware versions of the same model may not be affected. ↗
- ·The proof-of-concept uses a default router IP of 192.168.0.1; detection rules should not be scoped solely to this IP, as the management interface may be reachable on other addresses. ↗
- ·The payload length of 5000 bytes is noted as an example in the PoC; real-world attacks may use different lengths, so detection thresholds should be tuned conservatively. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/173294/TP-Link-TL-WR940N-4-Buffer-Overflow.htmlhttps://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/9/TP-Link%20TL-WR940N%20wireless%20router%20userRpmWanDynamicIpV6CfgRpm%20buffer%20write%20out-of-bounds%20vulnerability.mdhttp://packetstormsecurity.com/files/173294/TP-Link-TL-WR940N-4-Buffer-Overflow.htmlhttps://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/9/TP-Link%20TL-WR940N%20wireless%20router%20userRpmWanDynamicIpV6CfgRpm%20buffer%20write%20out-of-bounds%20vulnerability.md
2023-06-22
Published