A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory. When adding Referer: http://tplinkwifi.net to the the request, it will be recognized as passing the authentication.
References
Link | Resource |
---|---|
https://github.com/Shuanunio/CVE_Requests/blob/main/TP-Link/archer%20c20/ACL%20bypass%20Vulnerability%20in%20TP-Link%20archer%20c20.md | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
06 Jun 2025, 17:59
Type | Values Removed | Values Added |
---|---|---|
First Time |
Tp-link archer C20 Firmware
Tp-link archer C20 Tp-link |
|
References | () https://github.com/Shuanunio/CVE_Requests/blob/main/TP-Link/archer%20c20/ACL%20bypass%20Vulnerability%20in%20TP-Link%20archer%20c20.md - Exploit, Third Party Advisory | |
CPE | cpe:2.3:h:tp-link:archer_c20:6.6:*:*:*:*:*:*:* cpe:2.3:o:tp-link:archer_c20_firmware:6.6_230412:*:*:*:*:*:*:* |
19 Feb 2025, 15:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-287 | |
Summary |
|
18 Feb 2025, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-02-18 15:15
Updated : 2025-06-06 17:59
NVD link : CVE-2024-57049
Mitre link : CVE-2024-57049
CVE.ORG link : CVE-2024-57049
JSON object : View
Products Affected
tp-link
- archer_c20_firmware
- archer_c20
CWE
CWE-287
Improper Authentication