CVE-2022-24972

Name of the Vulnerable Software and Affected Versions TP-Link TL-WR940N version 3.20.1 Build 200316 Rel.34392n (5553)

Description The issue results from the lack of proper access control within the httpd service, which listens on TCP port 80 by default. This allows network-adjacent attackers to disclose sensitive information on affected installations without requiring authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.

Recommendations For TP-Link TL-WR940N version 3.20.1 Build 200316 Rel.34392n (5553), as a temporary workaround, consider restricting access to the httpd service until a patch is available. Additionally, avoid using default or weak credentials for the router's administration interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.