PT-2025-6737 · Tp Link · Tp-Link Wr840N V6
Shuanunio · Published 2025-02-18 · Updated 2025-04-07
CVE-2024-57050
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TP-Link WR840N V6 router versions 0.9.1 4.16 and earlier
Description
A vulnerability in the TP-Link WR840N V6 router permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory. When a Referer header with the value http://tplinkwifi.net is added to a request, the router treats the request as authenticated.
Recommendations
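Detection logic for the behaviour described above, added here as an example and not taken from the advisory or from TP-Link: it reviews HTTP request records for /cgi requests that carry the Referer value the advisory names. The JSON record format, the management range `MGMT_NETS`, the placeholder /cgi paths and the Host/Referer mismatch heuristic are assumptions of this example.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Assumption: addresses allowed to administer the router; adjust per network.
MGMT_NETS = [ipaddress.ip_network("192.168.0.0/28")]
BYPASS_HOST = "tplinkwifi.net"  # Referer host named in the advisory

# Constructed records from a hypothetical HTTP sensor; /cgi paths are placeholders.
SAMPLE_LOG = """\
{"src":"192.168.0.5","host":"tplinkwifi.net","path":"/cgi/placeholder_a","referer":"http://tplinkwifi.net/"}
{"src":"192.168.0.77","host":"192.168.0.1","path":"/cgi/placeholder_b","referer":"http://tplinkwifi.net"}
{"src":"192.168.0.5","host":"192.168.0.1:80","path":"/cgi?placeholder","referer":"http://tplinkwifi.net"}
{"src":"192.168.0.77","host":"192.168.0.1","path":"/index.htm","referer":"http://tplinkwifi.net/"}
{"src":"192.168.0.77","host":"192.168.0.1","path":"/cgi/placeholder_c","referer":""}
"""

def referer_host(value):
    """Lowercase host of a Referer header, or '' when absent or unparsable."""
    try:
        return (urlsplit(value or "").hostname or "").lower()
    except ValueError:
        return ""

def classify(rec):
    """Reasons a request deserves review; an empty list means ignore it."""
    path = urlsplit(rec.get("path", "")).path
    if path != "/cgi" and not path.startswith("/cgi/"):
        return []
    if referer_host(rec.get("referer")) != BYPASS_HOST:
        return []
    reasons = []
    src = ipaddress.ip_address(rec["src"])
    if not any(src in net for net in MGMT_NETS):
        reasons.append("source outside management range")
    # A browser that opened http://tplinkwifi.net also sends that name as Host.
    if rec.get("host", "").split(":")[0].lower() != BYPASS_HOST:
        reasons.append("Referer host does not match Host header")
    return reasons

def scan(log_text):
    """Return (line_no, src, path, reasons) for every record worth reviewing."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        rec = json.loads(line) if line.strip() else {}
        reasons = classify(rec)
        if reasons:
            hits.append((n, rec["src"], rec["path"], reasons))
    return hits
```

On the sample records, `scan(SAMPLE_LOG)` reports lines 2 and 3. Line 1 is an allowed host browsing by name, and lines 4 and 5 lack either the /cgi path or the Referer value.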
For TP-Link WR840N V6 router versions 0.9.1 4.16 and earlier, consider disabling access to the /cgi directory until a patch is available. Restrict access to the router's web interface to minimize the risk of exploitation. Avoid using the Referer header with the value http://tplinkwifi.net in requests to the router's web interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Tp-Link Wr840N V6