ID

VAR-202306-1898


CVE

CVE-2023-36355


TITLE

TP-Link TL-WR940N Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202306-1629

DESCRIPTION

TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request

Trust: 0.99

sources: NVD: CVE-2023-36355 // VULMON: CVE-2023-36355

AFFECTED PRODUCTS

vendor:tp linkmodel:tl-wr940nscope:eqversion: -

Trust: 1.0

sources: NVD: CVE-2023-36355

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-36355
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202306-1629
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2023-36355
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202306-1629 // NVD: CVE-2023-36355

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

sources: NVD: CVE-2023-36355

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202306-1629

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202306-1629

PATCH

title:TP-Link TL-WR940N Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=244072

Trust: 0.6

sources: CNNVD: CNNVD-202306-1629

EXTERNAL IDS

db:NVDid:CVE-2023-36355

Trust: 1.7

db:PACKETSTORMid:173294

Trust: 1.6

db:EXPLOIT-DBid:51561

Trust: 0.6

db:CXSECURITYid:WLB-2023070011

Trust: 0.6

db:CNNVDid:CNNVD-202306-1629

Trust: 0.6

db:VULMONid:CVE-2023-36355

Trust: 0.1

sources: VULMON: CVE-2023-36355 // CNNVD: CNNVD-202306-1629 // NVD: CVE-2023-36355

REFERENCES

url:https://github.com/a101e-iotvul/iotvul/blob/main/tp-link/9/tp-link%20tl-wr940n%20wireless%20router%20userrpmwandynamicipv6cfgrpm%20buffer%20write%20out-of-bounds%20vulnerability.md

Trust: 1.7

url:http://packetstormsecurity.com/files/173294/tp-link-tl-wr940n-4-buffer-overflow.html

Trust: 1.6

url:https://cxsecurity.com/cveshow/cve-2023-36355/

Trust: 0.6

url:https://www.exploit-db.com/exploits/51561

Trust: 0.6

url:https://cxsecurity.com/issue/wlb-2023070011

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-36355 // CNNVD: CNNVD-202306-1629 // NVD: CVE-2023-36355

CREDITS

Amirhossein Bahramizadeh

Trust: 0.6

sources: CNNVD: CNNVD-202306-1629

SOURCES

db:VULMONid:CVE-2023-36355
db:CNNVDid:CNNVD-202306-1629
db:NVDid:CVE-2023-36355

LAST UPDATE DATE

2024-08-14T15:00:14.806000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-36355date:2023-06-23T00:00:00
db:CNNVDid:CNNVD-202306-1629date:2023-07-06T00:00:00
db:NVDid:CVE-2023-36355date:2023-07-04T17:15:10.850

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-36355date:2023-06-22T00:00:00
db:CNNVDid:CNNVD-202306-1629date:2023-06-22T00:00:00
db:NVDid:CVE-2023-36355date:2023-06-22T20:15:09.733