Authentication Bypass in TP-LINK TL-WR849N Devices
CVE-2019-19143

6.1MEDIUM

Key Information:

Vendor: Tp-link
Status: Tl-wr849n Firmware
Vendor: CVE Published:; 27 January 2020

Summary

The TP-LINK TL-WR849N 0.9.1 4.16 devices are impacted by a vulnerability that allows attackers to replace the firmware without requiring authentication. By sending a crafted POST request to the cgi/softup URI, unauthorized users can exploit this loophole, leading to potential unauthorized access and control over the device. This poses significant risks to network security and integrity, making it essential for users to secure their devices against such vulnerabilities.

References

https://fireshellsecurity.team/hack-n-routers/

x_refsource_MISC

http://packetstormsecurity.com/files/156586/TP-Link-TL-WR...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 27, 2020
Vulnerability Reserved
Nov 21, 2019