Exposed Credential Transmission in TP-Link Router
CVE-2024-46341

Currently unrated

Key Information:

Vendor: TP-Link
Status: TL-WR845N(UN)
Vendor: CVE Published:; 10 December 2024

Summary

The TP-Link TL-WR845N(UN)_V4_190219 is susceptible to a security vulnerability wherein it transmits user credentials in base64 encoded format. This encoding method provides inadequate protection, allowing attackers to easily decode the credentials during a man-in-the-middle attack. Successful exploitation could enable unauthorized access to sensitive information and potentially compromise the affected network.

References

https://security.iiita.ac.in/iot/base64-authorization.docx

Timeline

Vulnerability published
Dec 10, 2024