Switch branches/tags
Nothing to show
Find file Copy path
0f8aa11 Dec 3, 2018
1 contributor

Users who have contributed to this file

38 lines (18 sloc) 1.2 KB

TP-Link WR886N V7 Dns Request buff Overflow


Firmware version: 1.1.0

Hardware version: TL-WR886N 7.0

Exploit Author:

Vendor Homepage:

Hardware Link:

Vul detail

Specially crafted packets to port 53/udp could cause a buff overflow in the affected products. An successful exploit can cause a denial of service (device reboot) or execute arbitrary code.

Attacker can use this vulnerability to modify system code, directly get the admin password hash using http request.

By default the router didn't allow user to directly read system file using http request. It will Add /web to your request PATH, if you request the router will read /web/test.html from minifs.

After exploit the system code is modified, the router will directly read the file you request. So you can read any config file you want.

Remote Code Exec

With specially crafted packets to port 53/udp, An successful exploit can execute arbitrary code.