CVE-2024-50699

8.0 HIGH

📋 TL;DR

TP-Link TL-WR845N routers with specific firmware versions have weak default administrator credentials that are easily guessable. This allows attackers to gain administrative access to the router's web interface. All users with affected firmware versions who haven't changed default credentials are vulnerable.

💻 Affected Systems

Products:
  • TP-Link TL-WR845N(UN)
Versions: Firmware V4_201214, V4_200909, V4_190219
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable if default credentials haven't been changed after initial setup

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete router compromise allowing network traffic interception, DNS hijacking, malware injection, and use as an attack platform

🟠 Likely Case

Unauthorized administrative access to router configuration, network monitoring, and credential theft

🟢 If Mitigated

Limited impact if strong unique credentials are already configured

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices with web management interfaces
🏢 Internal Only: MEDIUM - Internal attackers could exploit if they gain network access

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication attempt with default credentials; documented in security research papers

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not found in provided references

Restart Required: No

Instructions:

No official patch available. Manually change the administrator password through the web interface.

🔧 Temporary Workarounds

Change Default Administrator Password

Log into router web interface and change the default administrator password to a strong unique password

Manual configuration through web interface:

1. Access router at 192.168.0.1 or 192.168.1.1
2. Login with current credentials
3. Navigate to System Tools > Administration
4. Change administrator password

🧯 If You Can't Patch

  • Isolate affected routers from critical network segments
  • Implement network segmentation and firewall rules to restrict router management interface access

🔍 How to Verify

Check if Vulnerable:

Attempt to log into router web interface using default credentials (check router documentation for defaults)

Check Version:

Log into router web interface and check Firmware Version under Status or System Tools

Verify Fix Applied:

Verify you cannot log in with old/default credentials and can only access with new strong password

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts followed by successful login
  • Administrative login from unexpected IP addresses

Network Indicators:

  • HTTP/HTTPS traffic to router management interface from external IPs
  • Unusual configuration changes

SIEM Query:

source="router_logs" AND (event="login_success" OR event="admin_access") AND user="admin"
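
The two log indicators above, written as detection logic over exported log lines. This is an added example, not code from the vendor or from this advisory. The log layout, the `login_failed` event name, the management subnet and the thresholds are assumptions; `login_success` and the `admin` user come from the SIEM query above.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample lines; the "time event user src" layout and the
# login_failed event name are assumptions, not the router's real log format.
SAMPLE_LOG = """\
2024-11-02T10:00:01 login_failed user=admin src=203.0.113.7
2024-11-02T10:00:04 login_failed user=admin src=203.0.113.7
2024-11-02T10:00:09 login_failed user=admin src=203.0.113.7
2024-11-02T10:00:15 login_success user=admin src=203.0.113.7
2024-11-02T11:30:00 login_success user=admin src=192.168.0.23
2024-11-02T12:00:00 login_failed user=admin src=192.168.0.50
"""

MGMT_NETS = [ip_network("192.168.0.0/24")]  # assumed management LAN
WINDOW = timedelta(minutes=5)               # look-back for failures
THRESHOLD = 3                               # failures before a success


def parse(line):
    ts, event, user, src = line.split()
    return (datetime.fromisoformat(ts), event,
            user.split("=", 1)[1], ip_address(src.split("=", 1)[1]))


def detect(log_text):
    """Return (timestamp, source, reason) alerts for admin logins."""
    alerts, failures = [], defaultdict(list)
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts, event, user, src = parse(line)
        if user != "admin":
            continue
        if event == "login_failed":
            failures[src].append(ts)
        elif event == "login_success":
            recent = [t for t in failures[src] if ts - t <= WINDOW]
            if len(recent) >= THRESHOLD:
                alerts.append((ts, str(src), "failures_then_success"))
            if not any(src in net for net in MGMT_NETS):
                alerts.append((ts, str(src), "unexpected_source"))
            failures[src].clear()
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

A login with unchanged default credentials succeeds on the first attempt, so the unexpected-source rule is the one that catches it; the failures-then-success rule covers guessing against a changed password.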
