CVE-2023-36358 in TL-WR940N
Summary
by MITRE • 06/22/2023
TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlAccessTargetsRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 01/13/2026
The CVE-2023-36358 vulnerability represents a critical buffer overflow flaw discovered in several TP-Link wireless router models including the TL-WR940N series, TL-WR941ND V5/V6, TL-WR743ND V1, and TL-WR841N V8. This vulnerability resides within the web interface component /userRpm/AccessCtrlAccessTargetsRpm which handles access control functionality for the affected devices. The flaw manifests when the router processes incoming HTTP GET requests that contain excessively long input parameters, leading to memory corruption in the application's buffer handling mechanism. This type of vulnerability falls under CWE-121, which specifically addresses stack-based buffer overflow conditions, and represents a classic example of improper input validation in networked embedded systems. The affected devices operate with embedded web servers that process user requests without adequate bounds checking, creating an exploitable condition where malicious input can overwrite adjacent memory locations.
The operational impact of this vulnerability extends beyond simple denial of service as it demonstrates the inherent security weaknesses present in consumer-grade networking equipment. Attackers can craft specially formatted GET requests that trigger the buffer overflow condition, causing the router's web interface to crash or become unresponsive. This results in a denial of service condition that renders the device inaccessible to legitimate users, effectively cutting off network connectivity for all devices connected to the compromised router. The vulnerability is particularly concerning because it operates at the application layer of the network stack and can be exploited remotely without requiring authentication or physical access to the device. The attack surface is broad given the widespread deployment of these TP-Link models in both residential and small office environments, making them attractive targets for cybercriminals seeking to disrupt network services. According to ATT&CK framework, this vulnerability maps to T1499.004 which covers Network Denial of Service attacks, and T1595.001 which involves reconnaissance of network infrastructure to identify vulnerable devices.
Mitigation strategies for CVE-2023-36358 should prioritize immediate firmware updates from TP-Link as the primary defense mechanism, since the vendor has likely released patches addressing this specific buffer overflow condition. Network administrators should also implement network segmentation to isolate affected devices from critical infrastructure and consider disabling remote management features until updates are applied. Additional protective measures include deploying intrusion detection systems that can identify suspicious GET request patterns targeting the vulnerable component, implementing network access controls that restrict access to the web interface, and conducting regular vulnerability assessments to identify other potentially affected devices within the network perimeter. The vulnerability highlights the importance of secure coding practices in embedded systems and demonstrates how basic input validation flaws can lead to significant operational disruptions. Organizations should also consider maintaining detailed inventories of all networked devices to ensure comprehensive vulnerability management and avoid blind spots in their security posture. The affected models represent a significant portion of TP-Link's consumer router lineup, making this vulnerability particularly impactful for both individual users and enterprise networks that may have deployed these devices without proper security hardening measures.