CVE-2023-50224
MEDIUMSeverity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. . Was ZDI-CAN-19899.
AnalysisAI
TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability.
Technical ContextAI
An authentication bypass vulnerability allows attackers to circumvent login mechanisms and gain unauthorized access without valid credentials. This vulnerability is classified as Authentication Bypass by Spoofing (CWE-290).
RemediationAI
Implement robust authentication mechanisms. Use multi-factor authentication. Review authentication logic for bypass conditions. Remove default credentials.
Same weakness CWE-290 – Authentication Bypass by Spoofing
View allShare
External POC / Exploit Code
Leaving vuln.today