
Security researchers from the Network Security & Cryptography (NSC) Lab have identified a severe security vulnerability (CVE-2024-57040) affecting the TP-Link TL-WR845N router. The flaw, rated CVSS 9.8 (Critical), exposes hardcoded root shell credentials stored within the router’s firmware, making it trivial for attackers to gain full control over the device.
The vulnerability arises from an MD5-hashed root password stored in firmware files that are publicly accessible. The issue affects all known firmware versions, including:
- TL-WR845N(UN)_V4_190219
- TL-WR845N(UN)_V4_200909
- TL-WR845N(UN)_V4_201214
The credentials are stored in plaintext within the following extracted firmware files:
- squashfs-root/etc/passwd
- squashfs-root/etc/passwd.bak
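
A firmware reviewer can check for this class of issue by scanning the passwd-format files of an extracted image for accounts that embed a password hash instead of deferring to a shadow file. The script below is an added example, not code from the NSC Lab or TP-Link; the function names, the scheme table and the sample entries (including the placeholder hash) are assumptions constructed for illustration.

```python
import sys
from pathlib import Path

# crypt(3) scheme prefixes; "$1$" is MD5-crypt, obsolete for password storage.
SCHEMES = {"$1$": "md5-crypt", "$5$": "sha256-crypt", "$6$": "sha512-crypt",
           "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt", "$y$": "yescrypt"}
WEAK = {"md5-crypt", "empty-password", "legacy-or-unknown"}


def classify(pw_field):
    """Label the password field of a passwd entry; None means no credential stored."""
    if pw_field == "":
        return "empty-password"
    if pw_field == "x" or pw_field.startswith(("!", "*")):
        return None  # shadowed, locked or disabled account
    for prefix, name in SCHEMES.items():
        if pw_field.startswith(prefix):
            return name
    return "legacy-or-unknown"  # e.g. 13-character DES crypt


def audit_passwd(text, source="<sample>"):
    """Return one finding per account whose entry embeds a credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.strip().split(":")
        if line.startswith("#") or len(parts) < 4:
            continue  # comment or malformed line
        scheme = classify(parts[1])
        if scheme is not None:
            findings.append({"source": source, "line": lineno, "user": parts[0],
                             "uid0": parts[2] == "0", "scheme": scheme,
                             "weak": scheme in WEAK})
    return findings


# Constructed sample entries; the hash is a placeholder, not a value from any firmware.
SAMPLE = """root:$1$SALTSALT$PLACEHOLDERPLACEHOLDER:0:0:root:/:/bin/sh
dropbear:x:500:500:dropbear:/var/dropbear:/bin/sh
nobody:*:65534:65534:nobody:/:/bin/false
"""

if __name__ == "__main__":
    # Pass extracted files as arguments, e.g. squashfs-root/etc/passwd
    inputs = [(Path(p).read_text(errors="replace"), p) for p in sys.argv[1:]]
    for text, src in inputs or [(SAMPLE, "<sample>")]:
        for finding in audit_passwd(text, src):
            print(finding)
```

A finding with `uid0` and `weak` both true is the pattern described above: a root-equivalent account whose hash ships inside every copy of the image.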

This vulnerability poses severe security risks, including:
- Full system compromise – Attackers with access to the router can modify firmware, install persistent backdoors, and intercept network traffic.
- Lateral network movement – Once inside the router, attackers can escalate privileges and pivot to other devices on the network.
- Remote exploitation risk – If combined with remote access vulnerabilities, this flaw could allow unauthorized users to take over the device from the internet.
As TP-Link has not yet released a patch, users are advised to take the following immediate actions:
- Change default credentials – Modify the admin password to a strong, unique password.
- Restrict physical access – Ensure the router is in a secure location to prevent SPI flash extractions.
- Block unauthorized SSH/Telnet access – Disable any unnecessary remote management interfaces.
- Monitor network activity – Regularly check for unauthorized access attempts.