| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <50464500.4040006@gmail.com> Date: Tue, 04 Sep 2012 20:14:24 +0200 From: "Adam P." <ziherung.pl@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: TP-LINK TL-WR340G Wireless Denial of Service === intro === TP-LINK TL-WR340G is a SOHO router with integrated IEEE 802.11b/g AP. Now it's marked End-of-Life. Transmitting crafted frames in proximity of working router cause device to malfunction. Wireless communication stops, existing clients don't receive frames from AP ( except beacons ), new clients can't connect. === details === Affected product: TL-WR340G Wireless router Firm Version: 4.7.11 Build 101102 Rel.60376n Hardware Version: WR340G v3 Local/remote: Local ( wirelessly ) Vulnerability can be spotted by crafting and transmitting frame with scapy: >> fr = RadioTap()/Dot11(addr1="ff:ff:ff:ff:ff:ff",addr2="<AP MAC>",addr3="<AP MAC>")/Dot11Beacon()/Dot11Elt() >> sendp(fr,iface="injection capable wireless interface",count=5) Attacker could cease wireless traffic. To resume AP functionality user must restart wireless interface in WebGUI or restart device. === time-line === 2.08.2012 - vendor notified 4.09.2012 - no response from vendor, published _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists