CERT-In Vulnerability Note
CIVN-2022-0068
Vulnerability in TP-Link TL-WR841N wireless router
Original Issue Date:February 07, 2022
Severity Rating: HIGH
Software Affected
- TP-Link TL- WR841N V11 3.16.9 Build 160325 Rel.62500n
Overview
A vulnerability has been reported in TP-Link TL-WR841N wireless router which could allow an attacker on local network to access web-based management interface of the affected device with administrative privileges.
Description
The vulnerability exists in TP-Link TL-WR841N wireless router due to transmission of authentication information in cleartext base64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface.
Credit: This vulnerability is found by Parul Sindhwad, Anurag M. Chevendra, Dr. Faruk Kazi from COE-CNDS Lab, VJTI Mumbai, India.
Solution
Update TPLink WR841N firmware
https://static.tp-link.com/upload/beta/2021/202112/20211209/wr841nv11_wr841ndv11_eu_3_16_9_up_boot(211209).zip
Vendor Information
TP-Link
https://static.tp-link.com/upload/beta/2021/202112/20211209/wr841nv11_wr841ndv11_eu_3_16_9_up_boot(211209).zip
References
TP-Link
https://static.tp-link.com/upload/beta/2021/202112/20211209/wr841nv11_wr841ndv11_eu_3_16_9_up_boot(211209).zip
CVE Name
CVE-2022-0162
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India
|