Hardcoded Password Vulnerability in TP-Link Router
CVE-2024-57040

9.8CRITICAL

Key Information:

Vendor: TP-Link
Status: TL-WR845N Router
Vendor: CVE Published:; 26 February 2025

Summary

The TP-Link TL-WR845N routers, specifically the versions TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219, contain a serious vulnerability characterized by a hardcoded password for the root account. This flaw can be exploited by attackers using brute force techniques to gain unauthorized access to the device, potentially compromising the network security and data integrity.

References

https://security.iiita.ac.in/iot/hashed_password.pdf

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 26, 2025
Vulnerability Reserved
Jan 9, 2025