| 제목 | TP-Link VN020 F3v(T) ISP Routers Hardware Version: 1.0 / Firmware Version: TT_V6.2.1021 Stack-based Buffer Overflow |
|---|
| 설명 | A critical and easily exploitable vulnerability in DHCP parsing on TP-Link VN020 F3v(T) routers enables attackers to deliver a crafted DHCP DISCOVER packet that triggers multiple memory corruption vectors. This includes an oversized hostname field (127 bytes), malformed length fields, and edge cases in vendor-specific options, each of which leads to unpredictable memory corruption and stack overflow in the router’s DHCP service. The attack is unauthenticated and can be launched from any device within network proximity, leveraging a single malformed packet to fully destabilize the router.
This vulnerability causes repeated router crashes, persistent denial of service, and — when exploited with a carefully crafted Return-Oriented Programming (ROP) chain full remote code execution, granting the attacker unrestricted control over the device. Which allows for backdoor insertion, traffic manipulation, or botnet integration. This flaw affects hundreds of thousands of units across the Maghreb region, including Algeria and Tunisia, where ISPs like Tunisie Telecom and Topnet deploy the same vulnerable firmware just with rebranding.
|
|---|
| 원천 | ⚠️ https://github.com/Zephkek/TP-Thumper |
|---|
| 사용자 | Mohamed Maatallah (UID 77278) |
|---|
| 제출 | 2024. 11. 06. PM 03:49 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 11. 15. AM 08:04 (9 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 284672 [TP-Link VN020 F3v(T) TT_V6.2.1021 DHCP DISCOVER Packet Parser 호스트 이름 TP-Thumper 메모리 손상] |
|---|
| 포인트들 | 20 |
|---|