CVE-2023-39745 in TL-WR841N

Summary

by MITRE • 08/21/2023

TP-Link TL-WR940N V2, TP-Link TL-WR941ND V5 and TP-Link TL-WR841N V8 were discovered to contain a buffer overflow via the component /userRpm/AccessCtrlAccessRulesRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.


Analysis

by VulDB Data Team • 01/26/2026

The vulnerability identified as CVE-2023-39745 affects several TP-Link wireless router models including the TL-WR940N V2, TL-WR941ND V5, and TL-WR841N V8 devices. This represents a critical security flaw that resides within the web interface management component of these networking devices, specifically within the /userRpm/AccessCtrlAccessRulesRpm module. The affected routers are widely deployed in both residential and small office environments, making this vulnerability particularly concerning from a cybersecurity perspective. The issue manifests as a buffer overflow condition that occurs when processing incoming HTTP GET requests, indicating a fundamental flaw in input validation and memory management within the device's web server implementation.

The technical exploitation of this vulnerability involves sending a specially crafted GET request to the vulnerable router's web interface, which triggers a buffer overflow condition in the AccessCtrlAccessRulesRpm component. This type of vulnerability falls under CWE-121, which describes stack-based buffer overflow conditions where insufficient bounds checking allows attackers to overwrite adjacent memory locations. The buffer overflow occurs when the router fails to properly validate the length of input parameters received through HTTP GET requests, allowing an attacker to supply data exceeding the allocated buffer space. This condition can be leveraged to cause unpredictable behavior in the device's operating system, ultimately resulting in a denial of service condition that renders the router inaccessible to legitimate users.

From an operational impact perspective, this vulnerability creates significant risk for affected organizations and individuals who rely on these routers for network connectivity. The denial of service condition effectively disables the router's web management interface, preventing authorized users from configuring or monitoring their network settings. Network administrators may find their devices become unresponsive, requiring manual intervention through physical access or power cycling to restore functionality. The vulnerability is particularly dangerous because it can be exploited remotely without authentication, meaning attackers can potentially disrupt network services from anywhere on the internet. This aligns with ATT&CK technique T1499.004, which covers network disruption through denial of service attacks, and represents a critical weakness in the device's security posture that could be exploited in larger attack campaigns targeting network infrastructure.

The mitigation strategies for this vulnerability should prioritize immediate firmware updates from TP-Link, as the manufacturer has likely released patches addressing the buffer overflow condition. Network administrators should also implement network segmentation to limit exposure, disable unnecessary web management interfaces when possible, and monitor for unusual traffic patterns that might indicate exploitation attempts. Additional protective measures include deploying intrusion detection systems that can identify malformed GET requests targeting known vulnerable components, implementing network access controls to restrict management interface access to trusted IP ranges, and maintaining detailed network monitoring to quickly detect service disruptions. Organizations should also consider conducting regular vulnerability assessments of their network infrastructure to identify comparable buffer overflow flaws in other networked devices. The vulnerability demonstrates the importance of proper input validation and memory management in embedded systems, highlighting the need for security-by-design principles in network device development.
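The detection and access-control measures above can be checked against HTTP logs. The following is an added example, not code from the advisory or from TP-Link: it assumes Common Log Format lines from a proxy or sensor in front of the management interface, and the length threshold, trusted range and parameter name `x` are assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

VULN_PATH = "/userRpm/AccessCtrlAccessRulesRpm"  # component named in the advisory
MAX_FIELD_LEN = 128  # assumed threshold, not from the advisory; tune to normal traffic
TRUSTED_NETS = [ipaddress.ip_network("192.168.0.0/28")]  # assumed admin range

# Common Log Format: client, ident, user, [time], "METHOD target PROTO"
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"')

def inspect(line):
    """Return (source, reasons) for a suspicious request, else None."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "GET":
        return None
    url = urlsplit(m["target"])
    if VULN_PATH not in url.path:
        return None
    reasons = []
    # Measure names as well as values: a field without "=" parses as a bare name.
    fields = parse_qsl(url.query, keep_blank_values=True)
    longest = max((max(len(k), len(v)) for k, v in fields), default=0)
    if longest > MAX_FIELD_LEN:
        reasons.append(f"query field of {longest} characters")
    try:
        src = ipaddress.ip_address(m["src"])
        if not any(src in net for net in TRUSTED_NETS):
            reasons.append("source outside trusted management range")
    except ValueError:
        reasons.append("unparseable source address")
    return (m["src"], reasons) if reasons else None

def scan(lines):
    """Collect findings for every log line that inspect() flags."""
    return [hit for hit in map(inspect, lines) if hit]

# Constructed sample lines; "x" is a placeholder parameter name.
SAMPLE = [
    '192.168.0.5 - - [21/Aug/2023:10:00:01 +0000] "GET /userRpm/AccessCtrlAccessRulesRpm?x=1 HTTP/1.1" 200 5120',
    '192.168.0.77 - - [21/Aug/2023:10:00:09 +0000] "GET /userRpm/AccessCtrlAccessRulesRpm?x=' + "A" * 300 + ' HTTP/1.1" 502 0',
    '203.0.113.9 - - [21/Aug/2023:10:01:15 +0000] "GET /index.htm HTTP/1.1" 200 812',
    '203.0.113.9 - - [21/Aug/2023:10:01:20 +0000] "GET /userRpm/AccessCtrlAccessRulesRpm?x=1 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for src, reasons in scan(SAMPLE):
        print(src, "; ".join(reasons))
```

The second reason fires on any request to the component from outside the trusted range, so it also serves as an audit of whether the access restriction is actually enforced.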

Reservation: 08/07/2023

Disclosure: 08/21/2023

Moderation: accepted

CPE: ready

EPSS: 0.00623

KEV: no

Activities: very low
