CVE-2024-57040

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-57040
TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discovered to contain a hardcoded password for the root account which can be obtained by analyzing downloaded firmware or via a brute force attack through physical access to the router.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://security.iiita.ac.in/iot/hashed_password.pdf Third Party Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:tp-link:tl-wr845n_firmware:190219:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:tl-wr845n_firmware:200909:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:tl-wr845n_firmware:201214:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wr845n:4.0:*:*:*:*:*:*:*
History

07 Apr 2025, 18:29

Type Values Removed Values Added
First Time Tp-link
Tp-link tl-wr845n
Tp-link tl-wr845n Firmware
References () https://security.iiita.ac.in/iot/hashed_password.pdf - () https://security.iiita.ac.in/iot/hashed_password.pdf - Third Party Advisory
CPE cpe:2.3:o:tp-link:tl-wr845n_firmware:201214:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wr845n:4.0:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:tl-wr845n_firmware:200909:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:tl-wr845n_firmware:190219:*:*:*:*:*:*:*

01 Apr 2025, 16:15

Type Values Removed Values Added
Summary (en) TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discovered to contain a hardcoded password for the root account which can be obtained via a brute force attack through physical access to the router. (en) TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discovered to contain a hardcoded password for the root account which can be obtained by analyzing downloaded firmware or via a brute force attack through physical access to the router.

19 Mar 2025, 21:15

Type Values Removed Values Added
Summary (en) TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discovered to contain a hardcoded password for the root account which can be obtained via a brute force attack. (en) TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discovered to contain a hardcoded password for the root account which can be obtained via a brute force attack through physical access to the router.

04 Mar 2025, 15:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CWE CWE-798
Summary
  • (es) Se descubrió que TL-WR845N(UN)_V4_200909 y TL-WR845N(UN)_V4_190219 contienen una contraseña codificada para la cuenta raíz que se puede obtener mediante un ataque de fuerza bruta.

26 Feb 2025, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-02-26 22:15

Updated : 2025-04-07 18:29

NVD link : CVE-2024-57040

Mitre link : CVE-2024-57040

CVE.ORG link : CVE-2024-57040

JSON object : View

Products Affected

tp-link

  • tl-wr845n
  • tl-wr845n_firmware
CWE
CWE-798

Use of Hard-coded Credentials