CVE-2024-57049

A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory. When adding Referer: http://tplinkwifi.net to the the request, it will be recognized as passing the authentication.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tp-link:archer_c20_firmware:6.6_230412:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_c20:6.6:*:*:*:*:*:*:*

History

06 Jun 2025, 17:59

Type Values Removed Values Added
First Time Tp-link archer C20 Firmware
Tp-link archer C20
Tp-link
References () https://github.com/Shuanunio/CVE_Requests/blob/main/TP-Link/archer%20c20/ACL%20bypass%20Vulnerability%20in%20TP-Link%20archer%20c20.md - () https://github.com/Shuanunio/CVE_Requests/blob/main/TP-Link/archer%20c20/ACL%20bypass%20Vulnerability%20in%20TP-Link%20archer%20c20.md - Exploit, Third Party Advisory
CPE cpe:2.3:h:tp-link:archer_c20:6.6:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:archer_c20_firmware:6.6_230412:*:*:*:*:*:*:*

19 Feb 2025, 15:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-287
Summary
  • (es) Una vulnerabilidad en el TP-Link Archer C20 router con la versión de firmware V6.6_230412 y antes permite a las personas no autorizadas evitar la autenticación de algunas interfaces bajo el directorio /CGI. Al agregar referente: http://tplinkwifi.net a la solicitud, se reconocerá que pasa la autenticación.

18 Feb 2025, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-02-18 15:15

Updated : 2025-06-06 17:59


NVD link : CVE-2024-57049

Mitre link : CVE-2024-57049

CVE.ORG link : CVE-2024-57049


JSON object : View

Products Affected

tp-link

  • archer_c20_firmware
  • archer_c20
CWE
CWE-287

Improper Authentication