A vulnerability, which was classified as critical, was found in TP-LINK TL-WR940N (Router Operating System) (unknown version). This affects the function ipAddrDispose of the file PingIframeRpm.htm. The manipulation as part of a ICMP Echo Request leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function. By sending specially crafted ICMP echo request packets, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges.

The bug was discovered 04/09/2019. The weakness was published 06/06/2019 (Website). It is possible to read the advisory at exploit-db.com. This vulnerability is uniquely identified as CVE-2019-6989 since 01/28/2019. It is possible to initiate the attack remotely. The requirement for exploitation is a authentication. Technical details of the vulnerability are known, but there is no available exploit.

The vulnerability was handled as a non-public zero-day exploit for at least 58 days. During that time the estimated underground price was around $0-$5k. By approaching the search of inurl:PingIframeRpm.htm it is possible to find vulnerable targets with Google Hacking.

It is possible to mitigate the weakness by firewalling .

Productinfo

Type

• Router Operating System

Vendor

• TP-LINK

Name

• TL-WR940N

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion