Improper Authentication Information Disclosure Vulnerability Affects TP-Link Routers
CVE-2023-44447
6.5MEDIUM
What is CVE-2023-44447?
The TP-Link TL-WR902AC router is susceptible to an information disclosure vulnerability due to improper authentication in its httpd service. This vulnerability permits network-adjacent attackers to extract sensitive data without requiring authentication, potentially disclosing stored credentials. The flaw arises from the default service configuration listening on TCP port 80. Exploitation of this vulnerability can lead to further unauthorized access and compromise of system integrity.
Affected Version(s)
TL-WR902AC TL-WR902AC(EU)_V1_170628