Vulnerability Description
The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which allowed attackers to gain read-write access to system settings through the protected router configuration service tddp via the LAN and Ath0 (Wi-Fi) interfaces.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Wr841N V8 Firmware | <= tl-wr841n_v8_140724 |
| Tp-Link | Wr841N V8 | - |
Related Weaknesses (CWE)
References
- http://blog.senr.io/blog/cve-2017-9466-why-is-my-router-blinking-morse-codeExploitTechnical DescriptionThird Party Advisory
- http://blog.senr.io/blog/cve-2017-9466-why-is-my-router-blinking-morse-codeExploitTechnical DescriptionThird Party Advisory
FAQ
What is CVE-2017-9466?
CVE-2017-9466 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which all...
How severe is CVE-2017-9466?
CVE-2017-9466 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-9466?
Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Wr841N V8 Firmware, Tp-Link Wr841N V8.