Buffer Overflow Vulnerability in TP-Link Wireless Routers
CVE-2023-39747

9.8CRITICAL

Key Information:

Vendor: Tp-link
Status: Tl-wr940n V2 Firmware
Vendor: CVE Published:; 21 August 2023

Summary

A buffer overflow vulnerability has been identified in certain TP-Link wireless routers, including models WR841N V8, TL-WR940N V2, and TL-WR941ND V5. This vulnerability occurs in the 'radiusSecret' parameter on the /userRpm/WlanSecurityRpm endpoint. An attacker can exploit this flaw to potentially execute arbitrary code, leading to unauthorized access and compromises in device integrity. Users are advised to apply the latest firmware updates and enhance their network security configurations to mitigate these risks.

References

https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 21, 2023
Vulnerability Reserved
Aug 7, 2023