CVE-2024-57049
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-57049 is a newly disclosed vulnerability affecting TP-Link Archer C20 routers with firmware versions V6.6_230412 and older. It is an authentication bypass: certain interfaces in the /cgi directory can be reached without logging in. When a request carries the specific Referer header "http://tplinkwifi.net", the router treats the sender as having passed authentication. The Referer header is supplied by the client, so any unauthenticated user who can reach the interface can set it, and may then gain control of the affected router or perform malicious actions on it. Users are encouraged to update their firmware to mitigate this threat.
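For defenders who have HTTP metadata for traffic to the router (for example from a proxy or network sensor), the following added example, which is not part of the advisory or of any vendor tooling, flags requests to /cgi that carry the Referer named above under conditions a normal browser session would not produce. The record field names, the sample records, the placeholder paths and the three heuristics are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

REFERER_HOST = "tplinkwifi.net"  # Referer host named in the advisory
CGI_PREFIX = "/cgi"              # directory named in the advisory
# Assumption: the router is managed only from RFC 1918 address space.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def suspicious_reasons(rec):
    """Return heuristic reasons a request resembles the Referer bypass."""
    path = urlsplit(rec["uri"]).path
    if not (path == CGI_PREFIX or path.startswith(CGI_PREFIX + "/")):
        return []
    ref = urlsplit(rec.get("referrer") or "")
    if (ref.hostname or "") != REFERER_HOST:
        return []
    reasons = []
    # Browsers serialize a Referer with at least "/" as the path.
    if ref.path == "":
        reasons.append("bare-origin-referer")
    # Client reached the device under another name or IP, yet claims
    # to have navigated from tplinkwifi.net.
    host = (rec.get("host") or "").split(":")[0].lower()
    if host != REFERER_HOST:
        reasons.append("host-referer-mismatch")
    src = ipaddress.ip_address(rec["src"])
    if not any(src in net for net in LAN_NETS):
        reasons.append("non-private-source")
    return reasons

# Constructed sample records (not real traffic); paths are placeholders.
SAMPLE = [
    {"src": "192.168.0.23", "host": "tplinkwifi.net",
     "uri": "/cgi/placeholder_a", "referrer": "http://tplinkwifi.net/"},
    {"src": "192.168.0.77", "host": "192.168.0.1",
     "uri": "/cgi/placeholder_b", "referrer": "http://tplinkwifi.net"},
    {"src": "203.0.113.7", "host": "198.51.100.10",
     "uri": "/cgi/placeholder_c?x=1", "referrer": "http://tplinkwifi.net/"},
    {"src": "192.168.0.23", "host": "tplinkwifi.net",
     "uri": "/index.htm", "referrer": "http://tplinkwifi.net"},
]

def scan(records):
    """Return (index, reasons) for every record with at least one reason."""
    hits = [(i, suspicious_reasons(r)) for i, r in enumerate(records)]
    return [(i, why) for i, why in hits if why]

if __name__ == "__main__":
    for idx, why in scan(SAMPLE):
        print(idx, SAMPLE[idx]["src"], SAMPLE[idx]["uri"], why)
```

A hit is a lead for investigation rather than proof of exploitation; a request that matches none of the heuristics can still be a bypass attempt on vulnerable firmware.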
Affected Products
- Archer C20
Affected Vendors
- Tp-Link Japan