""ET EXPLOIT TP-Link TL-WR840N/TL-WR841N - Authentication Bypass (WiFi Password Change)""

SID: 2025755

Revision: 2

Class Type: web-application-attack

Metadata: affected_product TPLINK, attack_target IoT, created_at 2018_06_26, deployment Datacenter, signature_severity Major, updated_at 2018_06_26

Reference:

• Link

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: $HOME_NET

Destination Port: any

Flow: established,to_server

Contents:

• Value: "/cgi?2"

• Value: "/mainFrame.htm"

• Value: "LAN_WLAN"

• Value: "IEEE11iAuthenticationMode"

• Value: "IEEE11iEncryptionModes"

• Value: "X_TP_PreSharedKey="

• Value: "X_TP_GroupKeyUpdateInterval"

Within:

PCRE:

Special Options:

• http_uri

• http_header

• fast_pattern

• http_client_body

• http_client_body

• http_client_body

• http_client_body

• http_client_body

source