Buffer Overflow Vulnerability in TP-Link TL-WR940N V4 Router
CVE-2023-36355

9.9CRITICAL

Key Information:

Vendor: Tp-link
Status: Tl-wr940n Firmware
Vendor: CVE Published:; 22 June 2023

What is CVE-2023-36355?

A buffer overflow vulnerability has been identified in the TP-Link TL-WR940N V4 wireless router. This issue is triggered through the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm, where an attacker can exploit it through a specially crafted GET request. Successfully executing this attack can lead to a Denial of Service condition, rendering the device unresponsive. It is crucial for users to apply the latest firmware updates to mitigate this risk and secure their network.

References

https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/...

http://packetstormsecurity.com/files/173294/TP-Link-TL-WR...

EPSS Score

26% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2023
Vulnerability Reserved
Jun 21, 2023

Tp-link

What is CVE-2023-36355?

References

EPSS Score

CVSS V3.1

Timeline