Cyber Posture

CVE-2024-57049

Critical · Public PoC

Published: 18 February 2025

Modified: 12 February 2026
KEV Added:
Patch:
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.3460 (97.0th percentile)
Risk Priority: 40 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Security Summary

CVE-2024-57049 is an authentication bypass vulnerability (CWE-287) affecting the TP-Link Archer C20 router with firmware version V6.6_230412 and earlier. The issue resides in certain interfaces under the /cgi directory, where adding a Referer header set to http://tplinkwifi.net in requests tricks the router into treating the request as authenticated.

Any unauthenticated attacker with network access to the router can exploit this vulnerability with low complexity and no user interaction required, as indicated by its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Exploitation grants access to the affected interfaces, potentially enabling high-impact compromise of confidentiality, integrity, and availability.

The vulnerability is documented in a GitHub repository detailing the ACL bypass, but the supplier disputes its severity, stating that API responses contain only non-sensitive UI initialization variables. No patches or specific mitigations are mentioned in available advisories.
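As an added example (not from the advisory, the vendor, or the referenced repository), the following Python code flags logged HTTP requests that fit the pattern described above: a request under /cgi whose Referer host is tplinkwifi.net while the client is outside the LAN or the Host header names a different host. The log layout, the LAN range 192.168.0.0/24, the /cgi/EXAMPLE path and all sample records are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

REFERER_HOST = "tplinkwifi.net"                 # Referer value named in the CVE text
LAN = ipaddress.ip_network("192.168.0.0/24")    # assumed LAN range; adjust per site

# Constructed records (tab-separated: time, src_ip, host, method, uri, referer).
# The layout stands in for a network sensor's HTTP log; /cgi/EXAMPLE is a placeholder.
SAMPLE_LOG = "\n".join([
    "2025-02-20T10:00:01Z\t192.168.0.23\ttplinkwifi.net\tGET\t/cgi/EXAMPLE\thttp://tplinkwifi.net/",
    "2025-02-20T10:00:09Z\t192.168.0.23\t192.168.0.1\tGET\t/cgi/EXAMPLE\thttp://192.168.0.1/",
    "2025-02-20T10:03:44Z\t192.168.0.77\t192.168.0.1\tGET\t/cgi/EXAMPLE\thttp://tplinkwifi.net",
    "2025-02-20T10:05:12Z\t203.0.113.50\t198.51.100.7:80\tGET\t/cgi/EXAMPLE\thttp://tplinkwifi.net",
    "2025-02-20T10:06:30Z\t192.168.0.23\t192.168.0.1\tGET\t/index.htm\t-",
])

def classify(src, host, uri, referer):
    """Return a list of reasons the request looks suspicious, or [] if none."""
    path = urlsplit(uri).path
    if not (path == "/cgi" or path.startswith("/cgi/")):
        return []                               # only the /cgi interfaces are affected
    if (urlsplit(referer).hostname or "").lower() != REFERER_HOST:
        return []                               # Referer is not the trusted-looking value
    reasons = []
    if ipaddress.ip_address(src) not in LAN:
        reasons.append("source outside LAN")
    # A browser that loaded the UI from http://<ip>/ would send that IP as the
    # Referer host, so a tplinkwifi.net Referer with another Host is inconsistent.
    if host.split(":")[0].lower() != REFERER_HOST:
        reasons.append("Referer host does not match Host header")
    return reasons

def scan(log_text):
    """Yield (time, src_ip, uri, reasons) for every flagged record."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 6:
            continue                            # skip malformed records
        ts, src, host, _method, uri, referer = fields
        reasons = classify(src, host, uri, referer)
        if reasons:
            hits.append((ts, src, uri, reasons))
    return hits

if __name__ == "__main__":
    for ts, src, uri, reasons in scan(SAMPLE_LOG):
        print(f"{ts} {src} {uri}: {'; '.join(reasons)}")
```

A request sent from inside the LAN with both Host and Referer set to tplinkwifi.net is indistinguishable from normal UI traffic under this heuristic, so it complements restricting access to the management interface rather than replacing it.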

Details

CWE(s)
CWE-287

Affected Products

tp-link · archer c20 firmware · 6.6_230412

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability enables authentication bypass on the TP-Link Archer C20 router's public-facing web (/cgi) interfaces via Referer header manipulation, facilitating exploitation of a public-facing application for initial access.
