← Advisories

TP-Link TL-WR740N Wireless Router Remote Denial Of Service Exploit

Low

Advisory ID

ZSL-2013-5135

Release Date

21 March 2013

Vendor

TP-LINK Technologies Co., Ltd. - http://www.tp-link.us

Affected Version

Firmware version: 3.16.4 Build 130205 Rel.63875n (Released: 2/5/2013), Hardware version: WR740N v4 00000000 (v4.23), Model No. TL-WR740N / TL-WR740ND

CVE

N/A

Tested On

Router Webserver

Summary

The TL-WR740N is a combined wired/wireless network connection device integrated with internet-sharing router and 4-port switch. The wireless N Router is 802.11b&g compatible based on 802.11n technology and gives you 802.11n performance up to 150Mbps at an even more affordable price. Bordering on 11n and surpassing 11g speed enables high bandwidth consuming applications like video streaming to be more fluid.

Description

The TP-Link WR740N Wireless N Router network device is exposed to a remote denial of service vulnerability when processing a HTTP request. This issue occurs when the web server (httpd) fails to handle a HTTP GET request over a given default TCP port 80. Sending a sequence of three dots (...) to the router will crash its httpd service denying the legitimate users access to the admin control panel management interface. To bring back the http srv and the admin UI, a user must physically reboot the router.

Proof of Concept

tplink_dos.plTXT

Disclosure Timeline

17.03.2013Vulnerability discovered.

18.03.2013Contact with the vendor.

18.03.2013Auto-reply from the vendor, mail received.

20.03.2013No response from the vendor.

21.03.2013Public security advisory released.

21.03.2013Vendor responds asking more details.

21.03.2013Sent detailed information to the vendor.

28.03.2013Vendor fixes the vulnerability in a BETA firmware sent to ZSL.

28.03.2013Researcher verifies the fix, replying to the vendor.