Vulnerability Description
TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function. By sending specially crafted ICMP echo request packets, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Tl-Wr940N Firmware | - |
| Tp-Link | Tl-Wr940N | - |
| Tp-Link | Tl-Wr941Nd Firmware | - |
| Tp-Link | Tl-Wr941Nd | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/152458/TP-LINK-TL-WR940N-TL-WR941ND-Buffer-
- https://www.exploit-db.com/exploits/46678/
- http://packetstormsecurity.com/files/152458/TP-LINK-TL-WR940N-TL-WR941ND-Buffer-
- https://www.exploit-db.com/exploits/46678/
FAQ
What is CVE-2019-6989?
CVE-2019-6989 is a vulnerability with a CVSS score of 8.8 (HIGH). TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function. By sending specially crafted ICMP echo request packets, a remote aut...
How severe is CVE-2019-6989?
CVE-2019-6989 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-6989?
Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Tl-Wr940N Firmware, Tp-Link Tl-Wr940N, Tp-Link Tl-Wr941Nd Firmware, Tp-Link Tl-Wr941Nd.