Authentication Bypass in TP-Link WR840N v6 Router
CVE-2024-57050

9.8CRITICAL

Key Information:

Vendor: TP-Link
Status: WR840N v6 Router
Vendor: CVE Published:; 18 February 2025

Summary

A vulnerability in the TP-Link WR840N v6 router enables unauthorized individuals to bypass authentication mechanisms on certain interfaces located under the /cgi directory. By sending a specially crafted request that includes a Referer header set to http://tplinkwifi.net, attackers can gain access to restricted functionalities without proper validation, posing significant risks to the security of the network. Users should be aware of this risk and take appropriate measures to secure their devices.

References

https://github.com/Shuanunio/CVE_Requests/blob/main/TP-Li...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 18, 2025
Vulnerability Reserved
Jan 9, 2025