CVE-2023-36359

Name of the Vulnerable Software and Affected Versions TP-Link TL-WR940N versions V2 through V4 TP-Link TL-WR841N versions V8 through V10 TP-Link TL-WR941ND versions V5 through V6

Description A buffer overflow was discovered in the /userRpm/QoSRuleListRpm component of TP-Link routers, allowing attackers to cause a Denial of Service (DoS) via a crafted GET request to the /userRpm/QoSRuleListRpm endpoint. The vulnerability is related to the QoSRuleListRpm component and can be exploited by sending a specially crafted request, potentially allowing a remote attacker to cause a service disruption.

Recommendations For TP-Link TL-WR940N versions V2 through V4, consider disabling access to the /userRpm/QoSRuleListRpm endpoint until a patch is available. For TP-Link TL-WR841N versions V8 through V10, restrict access to the QoSRuleListRpm component to minimize the risk of exploitation. For TP-Link TL-WR941ND versions V5 through V6, avoid using the vulnerable QoSRuleListRpm component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.