CVE-2023-39745

Name of the Vulnerable Software and Affected Versions TP-Link TL-WR940N version V2 TP-Link TL-WR941ND version V5 TP-Link TL-WR841N version V8

Description The issue is related to a buffer overflow in the /userRpm/AccessCtrlAccessRulesRpm component of TP-Link routers. This allows attackers to cause a Denial of Service (DoS) via a crafted GET request to the "/userRpm/AccessCtrlAccessRulesRpm" endpoint. The GET request can be exploited by a remote attacker to disrupt service.

Recommendations For TP-Link TL-WR940N version V2, consider disabling access to the /userRpm/AccessCtrlAccessRulesRpm component until a patch is available. For TP-Link TL-WR941ND version V5, restrict access to the /userRpm/AccessCtrlAccessRulesRpm component to minimize the risk of exploitation. For TP-Link TL-WR841N version V8, avoid using the /userRpm/AccessCtrlAccessRulesRpm component in production environments until the issue is resolved.