Headline
CVE-2022-0162: Cert-In - Home Page
The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface.
CERT-In Vulnerability Note CIVN-2022-0068
Vulnerability in TP-Link TL-WR841N wireless router
Original Issue Date:February 07, 2022
Severity Rating: HIGH
Software Affected
- TP-Link TL- WR841N V11 3.16.9 Build 160325 Rel.62500n
Overview
A vulnerability has been reported in TP-Link TL-WR841N wireless router which could allow an attacker on local network to access web-based management interface of the affected device with administrative privileges.
Description
The vulnerability exists in TP-Link TL-WR841N wireless router due to transmission of authentication information in cleartext base64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface.
Credit: This vulnerability is found by Parul Sindhwad, Anurag M. Chevendra, Dr. Faruk Kazi from COE-CNDS Lab, VJTI Mumbai, India.
Solution
Update TPLink WR841N firmware
https://static.tp-link.com/upload/beta/2021/202112/20211209/wr841nv11_wr841ndv11_eu_3_16_9_up_boot(211209).zip
Vendor Information
TP-Link
https://static.tp-link.com/upload/beta/2021/202112/20211209/wr841nv11_wr841ndv11_eu_3_16_9_up_boot(211209).zip
References
TP-Link
https://static.tp-link.com/upload/beta/2021/202112/20211209/wr841nv11_wr841ndv11_eu_3_16_9_up_boot(211209).zip
****CVE Name****
CVE-2022-0162
Disclaimer
The information provided herein is on “as is” basis, without warranty of any kind.
Contact Information
Email: [email protected]
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India