TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability
CVE-2023-50224

6.5MEDIUM

Key Information:

Vendor

Tp-link
Status
Tl-wr841n
Vendor
CVE Published:
3 May 2024

Badges

📈 Score: 803👾 Exploit Exists🦅 CISA Reported📰 News Worthy

What is CVE-2023-50224?

CVE-2023-50224 is a vulnerability found in the TP-Link TL-WR841N router model, related to its dropbearpwd service. This vulnerability stems from improper authentication processes, which could allow network-adjacent attackers to access sensitive information without requiring any authentication. Given that the affected service listens on the default TCP port 80, the risk of exposure is heightened for devices connected to the same network. The potential threat includes the unauthorized disclosure of stored credentials, enabling attackers to take further actions against the router or the broader network it supports.

Potential impact of CVE-2023-50224

  1. Information Disclosure: The primary concern is the potential for attackers to obtain sensitive authentication information, which can lead to further exploits on the local network or compromise associated devices.

  2. Increased Attack Surface: Once attackers gain access to stored credentials, they could potentially escalate their privileges, allowing them to manipulate network settings or configure the router for malicious purposes, such as intercepting user traffic.

  3. Network Compromise: With the ability to disclose sensitive information, the vulnerability poses a risk of broader network attacks, where adversaries could exploit the compromised router to access other devices and sensitive data within the network, leading to significant data breaches.

CISA has reported CVE-2023-50224

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2023-50224 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

TL-WR841N 3.16.9 build 200409

News Articles

favicon imageBleepingComputer

New TP-Link zero-day surfaces as CISA warns other flaws are exploited

TP-Link has confirmed the existence of an unpatched zero-day vulnerability impacting multiple router models, as CISA warns that other router flaws have been exploited in attacks.

3 weeks ago

References

https://www.zerodayinitiative.com/advisories/ZDI-23-1808/
x_research-advisory
https://www.tp-link.com/en/support/download/tl-wr841n/v12...
vendor-advisory

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 📰

    First article discovered by BleepingComputer

  • 👾

    Exploit known to exist

  • 🦅

    CISA Reported

  • Vulnerability published

JSON
.