Multiple vulnerabilities in TP-LINK TL-WR741N and TL-WR741ND routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
The vulnerabilities are due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected device. The device may fail to process the attacker request, triggering an error condition. An exploit may cause the device to become unresponsive, resulting in a DoS condition.
Proof-of-concept code that demonstrates an exploit of these vulnerabilities is publicly available.
Administrators are advised to restrict network access to affected devices.
Administrators are advised to implement an intrusion prevention system (IPS) or intrusion detection system (IDS) to help detect and prevent attacks that attempt to exploit these vulnerabilities.
TP-LINK has not confirmed these vulnerabilities and has not released updated software.