CVE-2019-6971

9.8CRITICAL

Key Information:

Vendor: Tp-link
Status: Tl-wr1043nd Firmware
Vendor: CVE Published:; 19 June 2019

Summary

An issue was discovered on TP-Link TL-WR1043ND V2 devices. An attacker can send a cookie in an HTTP authentication packet to the router management web interface, and fully control the router without knowledge of the credentials.

References

https://github.com/MalFuzzer/Vulnerability-Research/blob/...

x_refsource_MISC

https://twitter.com/MalFuzzer/status/1141269335685652480?...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 19, 2019
Vulnerability Reserved
Jan 25, 2019