TP-Link TL-WR740N Wireless Router MitM httpd Denial Of Service
Title: TP-Link TL-WR740N Wireless Router MitM httpd Denial Of Service
Advisory ID: ZSL-2014-5210
Type: Local
Impact: DoS
Risk: (2/5)
Release Date: 22.11.2014
Firmware version: 3.16.6 Build 130529 Rel.47286n (Released: 5/29/2013)
Firmware version: 3.16.4 Build 130205 Rel.63875n (Released: 2/5/2013)
Hardware version: WR740N v4 00000000 (v4.23)
Model No. TL-WR740N / TL-WR740ND
[13.11.2014] Contact with the vendor.
[21.11.2014] No response from the vendor.
[22.11.2014] Public security advisory released.
[2] http://www.exploit-db.com/exploits/35345/
[3] http://www.securityfocus.com/bid/71255
[4] http://packetstormsecurity.com/files/129227
[5] http://xforce.iss.net/xforce/xfdb/98927
[6] http://osvdb.org/show/osvdb/115017
[7] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9350
[8] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9350
[24.11.2014] - Added reference [2] and [3]
[25.11.2014] - Added reference [4] and [5]
[26.11.2014] - Added reference [6]
[09.12.2014] - Added reference [7] and [8]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2014-5210
Type: Local
Impact: DoS
Risk: (2/5)
Release Date: 22.11.2014
Summary
The TL-WR740N is a combined wired/wireless network connection device integrated with internet-sharing router and 4-port switch. The wireless N Router is 802.11b&g compatible based on 802.11n technology and gives you 802.11n performance up to 150Mbps at an even more affordable price. Bordering on 11n and surpassing 11g speed enables high bandwidth consuming applications like video streaming to be more fluid.Description
The TP-Link WR740N Wireless N Router network device is exposed to a denial of service vulnerability when processing a HTTP GET request. This issue occurs when the web server (httpd) fails to handle a HTTP GET request over a given default TCP port 80. Resending the value 'new' to the 'isNew' parameter in 'PingIframeRpm.htm' script to the router thru a proxy will crash its httpd service denying the legitimate users access to the admin control panel management interface. To bring back the http srv and the admin UI, a user must physically reboot the router.Vendor
TP-LINK Technologies Co., Ltd. - http://www.tp-link.usAffected Version
Firmware version: 3.17.0 Build 140520 Rel.75075n (Released: 5/20/2014)Firmware version: 3.16.6 Build 130529 Rel.47286n (Released: 5/29/2013)
Firmware version: 3.16.4 Build 130205 Rel.63875n (Released: 2/5/2013)
Hardware version: WR740N v4 00000000 (v4.23)
Model No. TL-WR740N / TL-WR740ND
Tested On
Router WebserverVendor Status
[13.11.2014] Vulnerability discovered.[13.11.2014] Contact with the vendor.
[21.11.2014] No response from the vendor.
[22.11.2014] Public security advisory released.
PoC
tplink_mitmdos.txtCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] http://cxsecurity.com/issue/WLB-2014110153[2] http://www.exploit-db.com/exploits/35345/
[3] http://www.securityfocus.com/bid/71255
[4] http://packetstormsecurity.com/files/129227
[5] http://xforce.iss.net/xforce/xfdb/98927
[6] http://osvdb.org/show/osvdb/115017
[7] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9350
[8] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9350
Changelog
[22.11.2014] - Initial release[24.11.2014] - Added reference [2] and [3]
[25.11.2014] - Added reference [4] and [5]
[26.11.2014] - Added reference [6]
[09.12.2014] - Added reference [7] and [8]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
