PT-2019-18390 · Tp Link · Tp-Link Tl-Wr1043Nd

Malfuzzer · Published 2019-06-19 · Updated 2020-08-24 · CVE-2019-6972

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

TP-Link TL-WR1043ND version V2

Description

An issue allows credentials to be easily decoded and then cracked through brute-force, wordlist, or rainbow table attacks. The credentials in the "Authorization" cookie are protected only by URL encoding and base64, both of which are trivially reversible. After URL-decoding the cookie value and base64-decoding the result, the username is in cleartext and the password is hashed with the MD5 algorithm.

Recommendations

For TP-Link TL-WR1043ND version V2, consider changing the password to a strong and unique one, and avoid using the same password across multiple devices. As a temporary workaround, restrict access to the device's web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
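
The encoding chain described above, as an added example for auditing your own devices (not part of the original advisory and not TP-Link code): it reverses the URL and base64 layers of a constructed cookie and flags devices whose cookies reveal a shared password. The `Basic base64(username:md5hex)` layout, the function names and all sample values are assumptions.

```python
import base64
import hashlib
import re
from urllib.parse import quote, unquote

# ASSUMPTION: cookie value = URL-encoded "Basic " + base64("username:md5hex").
def build_cookie(user, password):
    """Build a constructed sample cookie in the assumed layout."""
    digest = hashlib.md5(password.encode()).hexdigest()
    token = base64.b64encode(f"{user}:{digest}".encode()).decode()
    return quote("Basic " + token)

def audit_cookie(cookie_value):
    """Reverse both encodings and report what the cookie exposes."""
    decoded = unquote(cookie_value)
    scheme, _, token = decoded.partition(" ")
    if not token:                      # no scheme prefix present
        token = decoded
    try:
        raw = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:                 # covers bad base64 and bad UTF-8
        return {"decodable": False}
    user, sep, secret = raw.partition(":")
    return {
        "decodable": True,
        "username_cleartext": user if sep else None,
        # 32 hex characters and no salt field: a bare MD5 digest.
        "unsalted_md5": bool(re.fullmatch(r"[0-9a-fA-F]{32}", secret)),
        "secret": secret,
    }

def find_reused_passwords(cookies_by_device):
    """Without a salt, equal digests mean equal passwords across devices."""
    groups = {}
    for device, cookie in cookies_by_device.items():
        report = audit_cookie(cookie)
        if report.get("unsalted_md5"):
            groups.setdefault(report["secret"].lower(), []).append(device)
    return sorted(sorted(d) for d in groups.values() if len(d) > 1)

# Constructed samples: device names and passwords are placeholders.
SAMPLES = {
    "router-a": build_cookie("admin", "constructed-pass-1"),
    "router-b": build_cookie("admin", "constructed-pass-1"),
    "router-c": build_cookie("admin", "constructed-pass-2"),
}

if __name__ == "__main__":
    for name, cookie in SAMPLES.items():
        print(name, audit_cookie(cookie))
    print("shared password:", find_reused_passwords(SAMPLES))
```

Devices grouped together by `find_reused_passwords` are the ones the recommendation above applies to first: give each a distinct, strong password.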

Exploit

Inadequate Encryption Strength

Weakness Enumeration

Related Identifiers

CVE-2019-6972

Affected Products

Tp-Link Tl-Wr1043Nd