PT-2020-1973 · Tp Link · Tp-Link Tl-Wr849N

F0Lds

Published

2020-01-27

Updated

2023-02-01

CVE-2019-19143

CVSS v2.0

7.1

High

Vector

AV:A/AC:L/Au:S/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions TP-LINK TL-WR849N version 0.9.1 4.16

Description The issue is related to the lack of authentication required to replace the firmware of TP-LINK TL-WR849N devices via a POST request to the "cgi/softup" URI. This could allow a remote attacker to impact the confidentiality and integrity of protected information.

Recommendations For TP-LINK TL-WR849N version 0.9.1 4.16, as a temporary workaround, consider restricting access to the "cgi/softup" URI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-306

Related Identifiers

BDU:2020-01272

CVE-2019-19143

Affected Products

Tp-Link Tl-Wr849N

PT-2020-1973 · Tp Link · Tp-Link Tl-Wr849N

CVE-2019-19143

Weakness Enumeration

Related Identifiers

Affected Products

References · 10