Lucene search

[email protected]NVD:CVE-2023-36356

HistoryJun 22, 2023 - 8:15 p.m.

CVE-2023-36356

2023-06-2220:15:09

CWE-125

[email protected]

web.nvd.nist.gov

tp-link

routers

buffer overflow

vulnerability

denial of service

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

0.001

Percentile

25.9%

JSON

TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the component /userRpm/VirtualServerRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

Affected configurations

Nvd

Node

tp-linktl-wr940n_firmwareMatch-

AND

tp-linktl-wr940nMatchv4

Node

tp-linktl-wr841n_firmwareMatch-

AND

tp-linktl-wr841nMatchv8

Node

tp-linktl-wr740n_firmwareMatch-

AND

tp-linktl-wr740nMatchv1

Node

tp-linktl-wr740n_firmwareMatch-

AND

tp-linktl-wr740nMatchv2

Node

tp-linktl-wr940n_firmwareMatch-

AND

tp-linktl-wr940nMatchv2

Node

tp-linktl-wr941nd_firmwareMatch-

AND

tp-linktl-wr941ndMatchv5

Node

tp-linktl-wr940n_firmwareMatch-

AND

tp-linktl-wr940nMatchv6

VendorProductVersionCPE
tp-linktl-wr940n_firmware-cpe:2.3:o:tp-link:tl-wr940n_firmware:-:*:*:*:*:*:*:*
tp-linktl-wr940nv4cpe:2.3:h:tp-link:tl-wr940n:v4:*:*:*:*:*:*:*
tp-linktl-wr841n_firmware-cpe:2.3:o:tp-link:tl-wr841n_firmware:-:*:*:*:*:*:*:*
tp-linktl-wr841nv8cpe:2.3:h:tp-link:tl-wr841n:v8:*:*:*:*:*:*:*
tp-linktl-wr740n_firmware-cpe:2.3:o:tp-link:tl-wr740n_firmware:-:*:*:*:*:*:*:*
tp-linktl-wr740nv1cpe:2.3:h:tp-link:tl-wr740n:v1:*:*:*:*:*:*:*
tp-linktl-wr740nv2cpe:2.3:h:tp-link:tl-wr740n:v2:*:*:*:*:*:*:*
tp-linktl-wr940nv2cpe:2.3:h:tp-link:tl-wr940n:v2:*:*:*:*:*:*:*
tp-linktl-wr941nd_firmware-cpe:2.3:o:tp-link:tl-wr941nd_firmware:-:*:*:*:*:*:*:*
tp-linktl-wr941ndv5cpe:2.3:h:tp-link:tl-wr941nd:v5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tp-link	tl-wr940n_firmware	-	cpe:2.3:o:tp-link:tl-wr940n_firmware:-:::::::*
tp-link	tl-wr940n	v4	cpe:2.3:h:tp-link:tl-wr940n:v4:::::::*
tp-link	tl-wr841n_firmware	-	cpe:2.3:o:tp-link:tl-wr841n_firmware:-:::::::*
tp-link	tl-wr841n	v8	cpe:2.3:h:tp-link:tl-wr841n:v8:::::::*
tp-link	tl-wr740n_firmware	-	cpe:2.3:o:tp-link:tl-wr740n_firmware:-:::::::*
tp-link	tl-wr740n	v1	cpe:2.3:h:tp-link:tl-wr740n:v1:::::::*
tp-link	tl-wr740n	v2	cpe:2.3:h:tp-link:tl-wr740n:v2:::::::*
tp-link	tl-wr940n	v2	cpe:2.3:h:tp-link:tl-wr940n:v2:::::::*
tp-link	tl-wr941nd_firmware	-	cpe:2.3:o:tp-link:tl-wr941nd_firmware:-:::::::*
tp-link	tl-wr941nd	v5	cpe:2.3:h:tp-link:tl-wr941nd:v5:::::::*

Rows per page:

1-10 of 111

References

github.com/a101e-IoTvul/iotvul/blob/main/tp-link/4/TL-WR941ND_TL-WR940N_TL-WR740N_userRpm_VirtualServerRpm.md

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

0.001

Percentile

25.9%

JSON

Related for NVD:CVE-2023-36356

prion1 cvelist1 cve1