PT-2023-3653 · Tp Link · Tp-Link Tl-Wr841N+2
Published: 2023-06-22 · Updated: 2024-12-02
CVE-2023-36357
CVSS v3.1: 7.7 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
TP-Link TL-WR940N versions V2 through V6
TP-Link TL-WR841N versions V8 through V10
TP-Link TL-WR941ND version V5
Description
The issue is related to errors in resource release, allowing a remote attacker to cause a Denial of Service (DoS) using a specially crafted GET request to the "/userRpm/LocalManageControlRpm" component.
Recommendations
For TP-Link TL-WR940N versions V2 through V6, consider disabling access to the "/userRpm/LocalManageControlRpm" component until a patch is available.
For TP-Link TL-WR841N versions V8 through V10, restrict access to the "/userRpm/LocalManageControlRpm" component to minimize the risk of exploitation.
For TP-Link TL-WR941ND version V5, avoid using the vulnerable component until the issue is resolved.
Exploit
Fix
Allocation of Resources Without Limits
Improper Resource Release
Affected Products
Tp-Link Tl-Wr841N
Tp-Link Tl-Wr940N
Tp-Link Tl-Wr941Nd