=== intro ===
TP-LINK TL-WR340G is a SOHO router with integrated IEEE 802.11b/g AP.
Now it's marked End-of-Life.
Transmitting crafted frames in proximity of working router cause device
to malfunction. Wireless communication stops, existing clients don't
receive frames from AP ( except beacons ), new clients can't connect.
=== details ===
Affected product: TL-WR340G Wireless router
Firm Version: 4.7.11 Build 101102 Rel.60376n
Hardware Version: WR340G v3
Local/remote: Local ( wirelessly )
Vulnerability can be spotted by crafting and transmitting frame with scapy:
>> fr = RadioTap()/Dot11(addr1="ff:ff:ff:ff:ff:ff",addr2="<AP
MAC>",addr3="<AP MAC>")/Dot11Beacon()/Dot11Elt()
>> sendp(fr,iface="injection capable wireless interface",count=5)
Attacker could cease wireless traffic. To resume AP functionality user
must restart wireless interface in WebGUI or restart device.
=== time-line ===
2.08.2012 - vendor notified
4.09.2012 - no response from vendor, published
