CVE-2024-57050 in WR840N v6info

Summary

by MITRE • 02/18/2025

A vulnerability in the TP-Link WR840N v6 router with firmware version 0.9.1 4.16 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory.When adding Referer: http://tplinkwifi.net to the the request, it will be recognized as passing the authentication.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 07/16/2026

This vulnerability affects the TP-Link WR840N v6 wireless router running firmware versions 0.9.1 4.16 and earlier, representing a critical authentication bypass flaw that undermines the device's security posture. The issue stems from improper validation of HTTP Referer headers in the router's web interface authentication mechanism, specifically within the /cgi directory endpoints. When an attacker includes a Referer header containing "http://tplinkwifi.net" in their requests, the system incorrectly validates these requests as authenticated, effectively allowing unauthorized access to protected administrative interfaces and functionalities.

The technical implementation of this vulnerability resides in the router's web server component where it relies on the Referer header for authentication validation rather than implementing proper session management or token-based authentication mechanisms. This approach violates fundamental security principles outlined in CWE-346, which addresses "Improper Verification of Source of a Communication Channel" and aligns with ATT&CK technique T1078.101 covering Valid Accounts: Default Accounts. The flaw demonstrates a classic case of insecure input validation where the system trusts client-supplied information without proper verification.

The operational impact of this vulnerability is severe as it grants attackers full administrative access to the router configuration interface, enabling them to modify network settings, change administrator credentials, disable security features, and potentially establish persistent backdoors. Attackers can exploit this weakness remotely without requiring valid login credentials, making it particularly dangerous for home and small office environments where such devices are commonly deployed. The vulnerability affects critical router functionalities including wireless configuration, firewall settings, port forwarding rules, and DHCP configurations, providing attackers with comprehensive control over the network infrastructure.

Mitigation strategies should include immediate firmware updates from TP-Link to address the authentication bypass flaw, proper network segmentation to limit access to administrative interfaces, and implementation of network monitoring to detect suspicious Referer header patterns. Organizations should also consider disabling unnecessary web management interfaces, implementing strong access controls with multi-factor authentication, and regularly auditing router configurations for unauthorized changes. Additionally, network administrators should deploy intrusion detection systems capable of identifying malformed HTTP requests containing the specific Referer pattern associated with this vulnerability, as outlined in the NIST Cybersecurity Framework's Identify and Detect functions. The vulnerability highlights the importance of proper authentication design principles and demonstrates why relying on client-supplied headers for security decisions should be avoided in favor of robust session management and token-based authentication mechanisms.

Responsible

MITRE

Reservation

01/09/2025

Disclosure

02/18/2025

Moderation

revoked

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!