PT-2025-6736 · Tp Link · Tp-Link Archer C20

Shuanunio · Published 2025-02-18 · Updated 2026-02-12 · CVE-2024-57049

CVSS v3.1

10 Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TP-Link Archer c20 router versions prior to V6.6 230412

Description

A flaw exists in the TP-Link Archer c20 router that allows unauthorized access by bypassing authentication for certain interfaces located under the /cgi directory. This bypass is achieved by adding the Referer: http://tplinkwifi.net header to requests. The supplier disputes the severity of this issue, stating that the API call response only contains "non-sensitive UI initialization variables."

Recommendations

Update the firmware to version V6.6 230412 or later.
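
The class of flaw in the description, an access check that accepts a client-supplied Referer in place of a verified session, sketched next to a corrected check as an added example. This is not TP-Link firmware code: the struct, the function names and the sample path are hypothetical, and the requests are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical request view; all names here are illustrative assumptions. */
struct http_req {
    const char *path;     /* request path, e.g. "/cgi/status" (constructed) */
    const char *referer;  /* Referer header value, NULL if absent */
    bool session_valid;   /* true only after a server-issued session was verified */
};

static const char TRUSTED_REFERER[] = "http://tplinkwifi.net";

static bool under_cgi(const struct http_req *r) {
    return r->path != NULL && strncmp(r->path, "/cgi/", 5) == 0;
}

/* Flawed pattern: a client-controlled header substitutes for a session. */
bool allow_referer_trusting(const struct http_req *r) {
    if (!under_cgi(r)) return true;   /* other paths are out of scope here */
    if (r->session_valid) return true;
    return r->referer != NULL &&
           strncmp(r->referer, TRUSTED_REFERER, sizeof TRUSTED_REFERER - 1) == 0;
}

/* Corrected pattern: only verified session state grants access to /cgi. */
bool allow_session_only(const struct http_req *r) {
    if (!under_cgi(r)) return true;
    return r->session_valid;
}

int main(void) {
    /* Constructed requests: no session, header only; then a real session. */
    struct http_req spoofed = { "/cgi/status", "http://tplinkwifi.net", false };
    struct http_req logged_in = { "/cgi/status", NULL, true };
    printf("referer-trusting, no session: %d\n", allow_referer_trusting(&spoofed));
    printf("session-only,     no session: %d\n", allow_session_only(&spoofed));
    printf("session-only,     logged in:  %d\n", allow_session_only(&logged_in));
    return 0;
}
```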

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2025-02160
CVE-2024-57049

Affected Products

Tp-Link Archer C20