The flaw, identified as CVE-2024-57040 and assigned a CVSS score of 9.8 (Critical), exposes hardcoded root shell credentials stored within the routerβs firmware files, creating a significant security risk for users worldwide.
the vulnerability stems from MD5-hashed root passwords stored in plaintext within publicly accessible firmware files.
The credentials are stored in two specific locations: βsquashfs-root/etc/passwdβ and βsquashfs-root/etc/passwd.bakβ. The exposed hardcoded root password can be easily cracked to reveal β1234β while the root username appears in plaintext as βadmin.β
Security experts note that all known firmware versions of the TP-Link TL-WR845N router are affected, including:
TL-WR845N(UN)_V4_190219
TL-WR845N(UN)_V4_200909
TL-WR845N(UN)_V4_201214
This vulnerability presents a severe security risk as attackers with these credentials can essentially take full control of the router, potentially intercepting network traffic and installing persistent backdoors.
Mitigation Steps >>>
Modify the admin password to a strong, unique alternative.
Secure the routerβs location to prevent physical tampering and SPI flash extractions.
Block any unnecessary remote access interfaces like SSH/Telnet.
Regularly check for unauthorized access attempts or suspicious behavior.
While the current firmware versions remain vulnerable, TP-Link may release security patches in future updates that can be installed through the routerβs management interface at http://tplinkwifi.net