Authentication Bypass in Think Router Tk-Rt-Wr135G Product
CVE-2024-55211

8.4HIGH

Key Information:

Vendor: Think Router
Status: Tk-Rt-Wr135G
Vendor: CVE Published:; 17 April 2025

🔔 Create Think Router Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-55211?

A security vulnerability exists in the Think Router Tk-Rt-Wr135G (version V3.0.2-X000), allowing attackers to bypass authentication mechanisms by exploiting a crafted cookie. This flaw potentially enables unauthorized access to sensitive functionalities of the device, posing significant risks to user security and data integrity.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-55211
Created by micaelmaciel

References

https://github.com/micaelmaciel/CVE-2024-55211

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2025
🟡
Public PoC available
Apr 16, 2025
👾
Exploit known to exist
Apr 16, 2025
Vulnerability Reserved
Dec 6, 2024

JSON