CVE-2022-0162: Cert-In - Home Page

CERT-In Vulnerability Note CIVN-2022-0068
Vulnerability in TP-Link TL-WR841N wireless router

Original Issue Date:February 07, 2022

Severity Rating: HIGH

Software Affected

• TP-Link TL- WR841N V11 3.16.9 Build 160325 Rel.62500n

Overview

A vulnerability has been reported in TP-Link TL-WR841N wireless router which could allow an attacker on local network to access web-based management interface of the affected device with administrative privileges.

Description

The vulnerability exists in TP-Link TL-WR841N wireless router due to transmission of authentication information in cleartext base64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface.

Credit: This vulnerability is found by Parul Sindhwad, Anurag M. Chevendra, Dr. Faruk Kazi from COE-CNDS Lab, VJTI Mumbai, India.

Solution

Update TPLink WR841N firmware
https://static.tp-link.com/upload/beta/2021/202112/20211209/wr841nv11_wr841ndv11_eu_3_16_9_up_boot(211209).zip

Vendor Information

TP-Link
https://static.tp-link.com/upload/beta/2021/202112/20211209/wr841nv11_wr841ndv11_eu_3_16_9_up_boot(211209).zip

References

TP-Link
https://static.tp-link.com/upload/beta/2021/202112/20211209/wr841nv11_wr841ndv11_eu_3_16_9_up_boot(211209).zip

****CVE Name****
CVE-2022-0162

Disclaimer

The information provided herein is on “as is” basis, without warranty of any kind.

Contact Information

Email: [email protected]
Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India