Malfuzzer

**Name of the Vulnerable Software and Affected Versions** TP-Link TL-WR1043ND version V2 **Description** An issue allows credentials to be easily decoded and cracked through brute-force, WordList, or Rainbow Table attacks. The credentials in the "Authorization" cookie are encoded with URL encoding and base64, making them easily decodable. The username is stored in cleartext, and the password is hashed with the MD5 algorithm after decoding the URL encoded string with base64. **Recommendations** For TP-Link TL-WR1043ND version V2, consider changing the password to a strong and unique one, and avoid using the same password across multiple devices. As a temporary workaround, restrict access to the device's web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link TL-WR1043ND version V2 **Description** The issue is related to the web interface management of the TP-Link TL-WR1043ND router's firmware, specifically with the authentication procedure. An attacker can exploit this by sending a specially crafted cookie in an HTTP authentication packet to the router management web interface, allowing full control of the router without needing credentials. This can be done remotely. **Recommendations** For TP-Link TL-WR1043ND version V2, as a temporary workaround, consider restricting access to the router management web interface until a patch is available. Avoid using the web interface for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.