CVE-2023-36359 in TL-WR940N

Summary

by MITRE • 06/22/2023

TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/QoSRuleListRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.


Analysis

by VulDB Data Team • 01/13/2026

The vulnerability identified as CVE-2023-36359 affects several TP-Link wireless router models including the TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3, and TL-WR941ND V5/V6. This issue resides within the web interface component /userRpm/QoSRuleListRpm which handles Quality of Service rule management functionality. The affected devices are part of the consumer and small office networking equipment category, making them widely deployed in residential and enterprise environments where network traffic management is critical.

The technical flaw manifests as a buffer overflow condition in the QoSRuleListRpm component when processing incoming HTTP GET requests. This buffer overflow vulnerability occurs due to insufficient input validation and bounds checking within the web application layer of the router's firmware. When an attacker crafts a malicious GET request containing oversized or malformed parameters, the application fails to properly handle the input data, leading to memory corruption that ultimately results in a system crash or complete service disruption. The vulnerability specifically affects the handling of user-supplied data in the Quality of Service rule management interface, which is commonly accessed by network administrators for traffic prioritization and bandwidth control.

The operational impact of this vulnerability is significant as it enables remote attackers to execute a Denial of Service attack against affected TP-Link routers without requiring authentication or specialized privileges. This means that any individual with network access to the affected devices can potentially disrupt network services by sending a specially crafted GET request to the vulnerable web interface component. The DoS condition typically results in complete service unavailability requiring manual intervention to restore normal operations, which can be particularly problematic in enterprise environments where network uptime is critical. The vulnerability affects the core network management functionality of these devices, potentially impacting internet connectivity and network performance for all connected devices.

Mitigation for this vulnerability should start with immediately applying the firmware updates TP-Link provides to address the buffer overflow condition in the QoSRuleListRpm component. Network administrators should also implement network segmentation and access controls to limit exposure of these devices to untrusted networks. Additionally, monitoring network traffic for unusual patterns or malformed requests targeting the affected web interface components can help detect potential exploitation attempts. The vulnerability aligns with CWE-121, Buffer Overflow in Stack, and represents a classic example of improper input validation that allows attackers to manipulate memory structures. From an ATT&CK framework perspective, this vulnerability maps to T1499.004, Network Denial of Service, and demonstrates how web application flaws can be exploited to achieve service disruption. Organizations should also consider implementing intrusion detection systems to monitor for exploitation attempts targeting this specific vulnerability.
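The traffic monitoring suggested above can be expressed as a log check. This is an added example, not code from VulDB or TP-Link; it assumes Common Log Format lines from a proxy or sensor in front of the router's web interface, and the 64-character threshold, the parameter name `p` and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Component path from the advisory, matched case-insensitively as a substring
# so any session prefix or file extension on the real URL still matches.
VULN_PATH = "/userrpm/qosrulelistrpm"
# Assumed threshold: the advisory gives no buffer size, so tune this to the
# longest parameter value seen in legitimate admin traffic.
MAX_VALUE_LEN = 64
# Assumed input format: Common Log Format.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def inspect_line(line):
    """Return a finding dict for a suspicious GET to the component, else None."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "GET":
        return None
    url = urlsplit(m["target"])
    if VULN_PATH not in url.path.lower():
        return None
    reasons = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if len(value) > MAX_VALUE_LEN:
            reasons.append(f"{name}: value length {len(value)} > {MAX_VALUE_LEN}")
        if any(ord(c) < 0x20 or ord(c) > 0x7e for c in value):
            reasons.append(f"{name}: non-printable or non-ASCII data after decoding")
    if not reasons:
        return None
    return {"src": m["src"], "status": m["status"], "reasons": reasons}

def scan(lines):
    """Collect findings for every suspicious line in an iterable of log lines."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample lines (documentation IP ranges, not captured traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Jul/2023:10:00:00 +0000] "GET /userRpm/QoSRuleListRpm?p=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jul/2023:10:05:12 +0000] "GET /userRpm/QoSRuleListRpm?p='
    + "A" * 300 + ' HTTP/1.1" 502 0',
    '192.0.2.10 - - [01/Jul/2023:10:06:00 +0000] "GET /userRpm/StatusRpm HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A finding followed by the router's web interface becoming unreachable is the pattern worth alerting on, since the advisory describes the outcome as a crash.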

Reservation: 06/21/2023

Disclosure: 06/22/2023

Moderation: accepted

CPE: ready

EPSS: 0.00815

KEV: no

Activities: very low
