CVE-2024-57040
Published: 26 February 2025
Description
TP-Link TL-WR845N devices with firmware TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discovered to contain a hardcoded password for the root account which can be obtained by analyzing downloaded firmware or via a brute force attack through physical access to the router. NOTE: The supplier has stated that this issue was fixed in firmware versions 250401 or later.
Security Summary
CVE-2024-57040 is a high-severity vulnerability (CVSS 3.1 score of 9.8) involving a hardcoded password for the root account in TP-Link TL-WR845N routers running firmware versions TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219. This issue, classified under CWE-798 (Use of Hard-coded Credentials), allows the root password to be extracted by analyzing publicly downloadable firmware images or through brute-force attacks requiring physical access to the device.
Attackers with network access can exploit this remotely by downloading and reverse-engineering the firmware to obtain the hardcoded credentials, granting unauthenticated root-level access without privileges, user interaction, or special conditions. Physical proximity enables brute-force attempts on the device itself. Successful exploitation provides high-impact confidentiality, integrity, and availability compromise, potentially allowing full device takeover, configuration changes, data exfiltration, or use as a pivot for further network attacks.
The supplier states that the vulnerability is addressed in firmware versions 250401 and later. Security practitioners should verify and upgrade affected TL-WR845N devices to these patched versions, restrict physical access, and monitor for unauthorized root logins. Additional details are available in the referenced advisory at https://security.iiita.ac.in/iot/hashed_password.pdf.
Details
- CWE(s)