CVE-2024-50699

TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain weak default credentials for the Administrator account.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Affected Software

Name	Vendor	Start Version	End Version
Tl-wr845n_firmware	Tp-link	190219 (including)	190219 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/102.html
https://cwe.mitre.org/data/definitions/474.html
https://cwe.mitre.org/data/definitions/50.html
https://cwe.mitre.org/data/definitions/509.html
https://cwe.mitre.org/data/definitions/551.html
https://cwe.mitre.org/data/definitions/555.html
https://cwe.mitre.org/data/definitions/560.html
https://cwe.mitre.org/data/definitions/561.html
https://cwe.mitre.org/data/definitions/600.html
https://cwe.mitre.org/data/definitions/644.html
https://cwe.mitre.org/data/definitions/645.html
https://cwe.mitre.org/data/definitions/652.html
https://cwe.mitre.org/data/definitions/653.html

References

https://security.iiita.ac.in/iot/password-reset-missing-tplink.pdf
https://security.iiita.ac.in/iot/base64-authorization.docx

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-50699
CWE	https://cwe.mitre.org/data/definitions/522.html

Insufficiently Protected Credentials

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References