CVE-2023-36354

Name of the Vulnerable Software and Affected Versions TP-Link TL-WR940N versions V2, V3, V4 TP-Link TL-WR841N versions V8, V10 TP-Link TL-WR740N versions V1, V2 TP-Link TL-WR941ND versions V5, V6

Description A buffer overflow was discovered in the /userRpm/AccessCtrlTimeSchedRpm component of TP-Link routers, allowing attackers to cause a Denial of Service (DoS) via a crafted GET request. The vulnerability is related to the "Changed" parameter and can be exploited by sending a specially crafted request, enabling a remote attacker to disrupt service.

Recommendations For TP-Link TL-WR940N versions V2, V3, V4, consider disabling access to the /userRpm/AccessCtrlTimeSchedRpm component until a patch is available. For TP-Link TL-WR841N versions V8, V10, restrict access to the vulnerable component to minimize the risk of exploitation. For TP-Link TL-WR740N versions V1, V2, avoid using the "Changed" parameter in the affected component until the issue is resolved. For TP-Link TL-WR941ND versions V5, V6, as a temporary workaround, consider disabling the /userRpm/AccessCtrlTimeSchedRpm component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.