CVE-2018-12575 — CRITICAL (9.8)

Vulnerability Description

On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Tp-Link	Tl-Wr841N Firmware	0.9.1_4.16
Tp-Link	Tl-Wr841N	13.0

Related Weaknesses (CWE)

CWE-287

References

https://software-talk.org/blog/2018/06/tplink-wr841n-broken-auth-cve-2018-12575/Broken LinkThird Party Advisory
https://software-talk.org/blog/2018/06/tplink-wr841n-broken-auth-cve-2018-12575/Broken LinkThird Party Advisory

FAQ

What is CVE-2018-12575?

CVE-2018-12575 is a vulnerability with a CVSS score of 9.8 (CRITICAL). On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request.

How severe is CVE-2018-12575?

CVE-2018-12575 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-12575?

Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Tl-Wr841N Firmware, Tp-Link Tl-Wr841N.