CVE-2024-57049

CRITICAL

CVSS v3

9.8

CRITICAL

EPSS Score

48.8%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory. When adding Referer: http://tplinkwifi.net to the the request, it will be recognized as passing the authentication. NOTE: this is disputed by the Supplier because the response to the API call is only "non-sensitive UI initialization variables."

Technical Details

Published
2/18/2025

Frequently Asked Questions

What is CVE-2024-57049?

A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory. When adding Referer: http://tplinkwifi.net to the the request, it will be recognized as passing the authentication. NOTE: this is disputed by the Supplier because the response to the API call is only "non-sensitive UI initialization variables."

Is CVE-2024-57049 actively exploited?

Active exploitation of CVE-2024-57049 has not been confirmed. The EPSS score is 48.8%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2024-57049?

CVE-2024-57049 has a CVSS v3 base score of 9.8 (CRITICAL severity).

Is CVE-2024-57049 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.