Lucene search

[email protected]NVD:CVE-2023-36357

HistoryJun 22, 2023 - 8:15 p.m.

CVE-2023-36357

2023-06-2220:15:09

[email protected]

web.nvd.nist.gov

cve-2023-36357

tp-link

routers

denial of service

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

0.001

Percentile

25.9%

JSON

An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8/V10, and TL-WR941ND V5 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

Affected configurations

Nvd

Node

tp-linktl-wr940n_firmwareMatch-

AND

tp-linktl-wr940nMatchv4

Node

tp-linktl-wr841n_firmwareMatch-

AND

tp-linktl-wr841nMatchv8

Node

tp-linktl-wr841n_firmwareMatch-

AND

tp-linktl-wr841nMatchv10

Node

tp-linktl-wr940n_firmwareMatch-

AND

tp-linktl-wr940nMatchv2

Node

tp-linktl-wr941nd_firmwareMatch-

AND

tp-linktl-wr941ndMatchv5

Node

tp-linktl-wr940n_firmwareMatch-

AND

tp-linktl-wr940nMatchv6

VendorProductVersionCPE
tp-linktl-wr940n_firmware-cpe:2.3:o:tp-link:tl-wr940n_firmware:-:*:*:*:*:*:*:*
tp-linktl-wr940nv4cpe:2.3:h:tp-link:tl-wr940n:v4:*:*:*:*:*:*:*
tp-linktl-wr841n_firmware-cpe:2.3:o:tp-link:tl-wr841n_firmware:-:*:*:*:*:*:*:*
tp-linktl-wr841nv8cpe:2.3:h:tp-link:tl-wr841n:v8:*:*:*:*:*:*:*
tp-linktl-wr841nv10cpe:2.3:h:tp-link:tl-wr841n:v10:*:*:*:*:*:*:*
tp-linktl-wr940nv2cpe:2.3:h:tp-link:tl-wr940n:v2:*:*:*:*:*:*:*
tp-linktl-wr941nd_firmware-cpe:2.3:o:tp-link:tl-wr941nd_firmware:-:*:*:*:*:*:*:*
tp-linktl-wr941ndv5cpe:2.3:h:tp-link:tl-wr941nd:v5:*:*:*:*:*:*:*
tp-linktl-wr940nv6cpe:2.3:h:tp-link:tl-wr940n:v6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tp-link	tl-wr940n_firmware	-	cpe:2.3:o:tp-link:tl-wr940n_firmware:-:::::::*
tp-link	tl-wr940n	v4	cpe:2.3:h:tp-link:tl-wr940n:v4:::::::*
tp-link	tl-wr841n_firmware	-	cpe:2.3:o:tp-link:tl-wr841n_firmware:-:::::::*
tp-link	tl-wr841n	v8	cpe:2.3:h:tp-link:tl-wr841n:v8:::::::*
tp-link	tl-wr841n	v10	cpe:2.3:h:tp-link:tl-wr841n:v10:::::::*
tp-link	tl-wr940n	v2	cpe:2.3:h:tp-link:tl-wr940n:v2:::::::*
tp-link	tl-wr941nd_firmware	-	cpe:2.3:o:tp-link:tl-wr941nd_firmware:-:::::::*
tp-link	tl-wr941nd	v5	cpe:2.3:h:tp-link:tl-wr941nd:v5:::::::*
tp-link	tl-wr940n	v6	cpe:2.3:h:tp-link:tl-wr940n:v6:::::::*

References

github.com/a101e-IoTvul/iotvul/blob/main/tp-link/5/TL-WR941ND_TL-WR940N_TL-WR841N_userRpm_LocalManageControlRpm.md

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

0.001

Percentile

25.9%

JSON

Related for NVD:CVE-2023-36357

cve1 prion1 cvelist1