CVE-2024-57050

Published Feb 18, 2025

Last updated 2 months ago

CVSS critical 9.8

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2024-57050 is a vulnerability found in TP-Link WR840N v6 routers with firmware version 0.9.1 4.16 and earlier. It allows unauthorized individuals to bypass authentication on some interfaces within the /cgi directory. The vulnerability can be exploited by adding `Referer: http://tplinkwifi.net` to a request, which the router incorrectly recognizes as valid authentication, granting unauthorized access.

Description
A vulnerability in the TP-Link WR840N v6 router with firmware version 0.9.1 4.16 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory.When adding Referer: http://tplinkwifi.net to the the request, it will be recognized as passing the authentication.
Source
cve@mitre.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-287

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

10

  1. CVE-2024-57050 - Authentication Bypass in TP-Link WR840N using a magic referer 🤦‍♂️🤦🤦‍♀️ https://t.co/iQjWhdCdbQ

    @gothburz

    4 Apr 2025

    3100 Impressions

    7 Retweets

    40 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-57050 A vulnerability in the TP-Link WR840N v6 router with firmware version 0.9.1 4.16 and earlier permits unauthorized individuals to bypass the authentication of some int… https://t.co/QiLdF6J7zz

    @CVEnew

    18 Feb 2025

    345 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References