CVE-2014-9350

Name of the Vulnerable Software and Affected Versions TP-Link TL-WR740N version 3.16.4 Build 130205 TP-Link TL-WR740N version 3.16.6 Build 130529 TP-Link TL-WR740N version 3.17.0 Build 140520

Description The issue allows remote attackers to cause a denial of service, resulting in an httpd crash. This can be achieved by exploiting a vector involving a "new" value in the isNew parameter to the "PingIframeRpm.htm" endpoint.

Recommendations For version 3.16.4 Build 130205, avoid using the isNew parameter in the "PingIframeRpm.htm" endpoint until the issue is resolved. For version 3.16.6 Build 130529, restrict access to the "PingIframeRpm.htm" endpoint to minimize the risk of exploitation. For version 3.17.0 Build 140520, consider disabling the httpd service temporarily until a patch is available.