Lucene search

[email protected]CVE-2023-36356

HistoryJun 22, 2023 - 8:15 p.m.

CVE-2023-36356

2023-06-2220:15:09

CWE-125

[email protected]

web.nvd.nist.gov

cve-2023-36356

tp-link

router

buffer overflow

denial of service

nvd

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

30.7%

JSON

TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the component /userRpm/VirtualServerRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

Affected configurations

NVD

Node

tp-linktl-wr940n_firmwareMatch-

AND

tp-linktl-wr940nMatchv4

Node

tp-linktl-wr841n_firmwareMatch-

AND

tp-linktl-wr841nMatchv8

Node

tp-linktl-wr740n_firmwareMatch-

AND

tp-linktl-wr740nMatchv1

Node

tp-linktl-wr740n_firmwareMatch-

AND

tp-linktl-wr740nMatchv2

Node

tp-linktl-wr940n_firmwareMatch-

AND

tp-linktl-wr940nMatchv2

Node

tp-linktl-wr941nd_firmwareMatch-

AND

tp-linktl-wr941ndMatchv5

Node

tp-linktl-wr940n_firmwareMatch-

AND

tp-linktl-wr940nMatchv6

CPENameOperatorVersion
tp-link:tl-wr940n_firmwaretp-link tl-wr940n firmwareeq-

CPE	Name	Operator	Version
tp-link:tl-wr940n_firmware	tp-link tl-wr940n firmware	eq	-

References

github.com/a101e-IoTvul/iotvul/blob/main/tp-link/4/TL-WR941ND_TL-WR940N_TL-WR740N_userRpm_VirtualServerRpm.md

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

30.7%

JSON

Related for CVE-2023-36356

nvd1 prion1 cvelist1