TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability
CVE-2023-50224
What is CVE-2023-50224?
CVE-2023-50224 is a vulnerability found in the TP-Link TL-WR841N router model, related to its dropbearpwd service. This vulnerability stems from improper authentication processes, which could allow network-adjacent attackers to access sensitive information without requiring any authentication. Given that the affected service listens on the default TCP port 80, the risk of exposure is heightened for devices connected to the same network. The potential threat includes the unauthorized disclosure of stored credentials, enabling attackers to take further actions against the router or the broader network it supports.
Potential impact of CVE-2023-50224
- Information Disclosure: The primary concern is the potential for attackers to obtain sensitive authentication information, which can lead to further exploits on the local network or compromise associated devices.
- Increased Attack Surface: Once attackers gain access to stored credentials, they could potentially escalate their privileges, allowing them to manipulate network settings or configure the router for malicious purposes, such as intercepting user traffic.
- Network Compromise: With the ability to disclose sensitive information, the vulnerability poses a risk of broader network attacks, where adversaries could exploit the compromised router to access other devices and sensitive data within the network, leading to significant data breaches.
CISA has reported CVE-2023-50224
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2023-50224 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
TL-WR841N 3.16.9 build 200409
Timeline
- 📰 First article discovered by BleepingComputer
- 👾 Exploit known to exist
- 🦅 CISA Reported
- Vulnerability published