CVE-2023-50224

Published May 3, 2024

Last updated 5 months ago

Exploit knownCVSS medium 6.5
TP-Link
Port (80)

Overview

Description
TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. . Was ZDI-CAN-19899.
Source
zdi-disclosures@trendmicro.com
NVD status
Analyzed
Products
tl-wr841n_firmware

Risk scores

CVSS 3.0

Type
Secondary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

Known exploits

Data from CISA

Vulnerability name
TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability
Exploit added on
Sep 3, 2025
Exploit action due
Sep 24, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

zdi-disclosures@trendmicro.com
CWE-290

Social media

Hype score
Not currently trending

  1. 🚨 CISA Flags TP-Link Router Flaws 🚨 CVE-2023-50224 & CVE-2025-9377 added to KEV catalog — both are under active exploitation, threatening home & enterprise networks. 👉 Full blog: https://t.co/fPs67oC1gP

    @vulert_official

    29 Sept 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited #CISO https://t.co/pVcPadyS1D https://t.co/93QKHz7s75

    @compuchris

    18 Sept 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CISA adds TP-Link router flaws (CVE-2023-50224 & CVE-2025-9377) to its KEV catalog. Attackers are exploiting them NOW. Upgrade your hardware ASAP. Read More: https://t.co/eSJqkpwXhc #CyberSecurity #CISA #tplink #CVE202350224 #CVE20259377 #Canada #CanadaCyberAwareness

    @FindSecCyber

    8 Sept 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. csirt_it: La Settimana Cibernetica del 7 settembre 2025 🔹aggiornamenti per molteplici prodotti 🔹Rilevato sfruttamento in rete delle CVE-2023-50224 e CVE-2025-9377 relative a prodotti TP-Link 🔹Sitecore: rilevato sfruttamento di vulnerabilità zero-day … https://t.co/FJ

    @Vulcanux_

    8 Sept 2025

    92 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. La Settimana Cibernetica del 7 settembre 2025 🔹aggiornamenti per molteplici prodotti 🔹Rilevato sfruttamento in rete delle CVE-2023-50224 e CVE-2025-9377 relative a prodotti TP-Link 🔹Sitecore: rilevato sfruttamento di vulnerabilità zero-day ⚠️#EPSS 🔗https://t.c

    @csirt_it

    8 Sept 2025

    125 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. به تازگی ۲ آسیب پذیری با کدهای شناسایی CVE-2025-9377 برای مودم TP-Link مدل Archer C7(EU) از نوع OS command execution و آسیب پذیری با کد شناسایی CVE-2023-50224 برای مدل TL-WR841N از نوع authentication

    @AmirHossein_sec

    6 Sept 2025

    120 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/J7WHEhguth #CyberSecurity

    @EpicPlain

    5 Sept 2025

    91 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🛡️ We added TP-Link TL-WR841N/ND and Archer C7 vulnerabilities CVE-2023-50224 & CVE-2025-9377 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/dlW52Mc5jG & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co

    @sirjameshackz

    4 Sept 2025

    95 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CISA señala las fallas CVE-2023-50224 y CVE-2025-9377 del enrutador TP-Link como explotadas activamente. CISA agregó dos vulnerabilidades de TP-Link a su lista de fallas explotadas activamente. #ciberseguridad #cybersecurity https://t.co/1rB6PVxlpN

    @EHCGroup

    4 Sept 2025

    26 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. CISA Flags TP-Link Router #flaws #CVE-2023-50224 and #CVE-2025-9377 as Actively Exploited https://t.co/pYBBIXe91t

    @AdliceSoftware

    4 Sept 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CISA Warns of Actively Exploited TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 #CyberSecurity #TPLink #CISA #CVE202350224 #CVE20259377 #RouterSecurity #HackingNews #Infosec #DataBreach #NetworkSecurity https://t.co/8mEvwasehs

    @cyashadotcom

    4 Sept 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. csirt_it: ‼️#TP-Link: rilevato lo sfruttamento attivo in rete delle vulnerabilità CVE-2023-50224 e CVE-2025-9377 Rischio: 🔴 Tipologia: 🔸 Authentication Bypass 🔸 Information Disclosure 🔸 Remote Code Execution 🔸 Spoofing 🔗 https://t.co/qpiAHIYDFP … https

    @Vulcanux_

    4 Sept 2025

    73 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. ‼️#TP-Link: rilevato lo sfruttamento attivo in rete delle vulnerabilità CVE-2023-50224 e CVE-2025-9377 Rischio: 🔴 Tipologia: 🔸 Authentication Bypass 🔸 Information Disclosure 🔸 Remote Code Execution 🔸 Spoofing 🔗 https://t.co/ZqYm1FX2Pg ⚠ Mitigazioni di

    @csirt_it

    4 Sept 2025

    45 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CISA flags actively exploited TP-Link router flaw CVE-2023-50224 in its KEV catalog. Update your devices now! 🚨 https://t.co/XzWp99oNp9 #CISA #TPLink #Cybersecurity #Vulnerability #RouterFlaw

    @0xT3chn0m4nc3r

    4 Sept 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/D3XOcDdxKE

    @chundefined

    4 Sept 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/QXAF904nde https://t.co/eDmNEqvFDm

    @talentxfactor

    4 Sept 2025

    82 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/czvUvdXA06

    @molari999

    4 Sept 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. The Hacker News - CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/WPfsjeM2rz

    @buzz_sec

    4 Sept 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 📌 أضافت وكالة الأمن السيبراني والبنية التحتية الأمريكية (CISA) ثغرتين أمنيّتين في أجهزة توجيه TP-Link إلى قائمة الثغرات المستغلة، مشيرةً إلى وجود أدلة على اس

    @Cybercachear

    4 Sept 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/QUyPzlSG5p

    @DemolisherDigi

    4 Sept 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/a2vvN2KHXn https://t.co/Sfb3Bn73zs

    @RigneySec

    4 Sept 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/sFkBewug5b https://t.co/cAuXz7aybz

    @evanderburg

    4 Sept 2025

    70 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2023-50224 #TP-Link #TL-WR841N Authentication Bypass by Spoofing Vulnerability https://t.co/5RlaOj7mPS

    @ScyScan

    3 Sept 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 🛡️ We added TP-Link TL-WR841N/ND and Archer C7 vulnerabilities CVE-2023-50224 & CVE-2025-9377 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co

    @CISACyber

    3 Sept 2025

    6923 Impressions

    39 Retweets

    71 Likes

    7 Bookmarks

    6 Replies

    2 Quotes

Configurations

Related CVEs

  1. An HTTP Request Smuggling vulnerability (CWE-444) has been found in Pingora's parsing of HTTP/1.0 and Transfer-Encoding requests. The issue occurs due to improperly allowing HTTP/1.0 request bodies to be close-delimited and incorrect handling of multiple Transfer-Encoding values, allowing attackers to send HTTP/1.0 requests in a way that would desync Pingora’s request framing from backend servers’. Impact This vulnerability primarily affects standalone Pingora deployments in front of certain backends that accept HTTP/1.0 requests. An attacker could craft a malicious payload following this request that Pingora forwards to the backend in order to: * Bypass proxy-level ACL controls and WAF logic * Poison caches and upstream connections, causing subsequent requests from legitimate users to receive responses intended for smuggled requests * Perform cross-user attacks by hijacking sessions or smuggling requests that appear to originate from the trusted proxy IP Cloudflare's CDN infrastructure was not affected by this vulnerability, as its ingress proxy layers forwarded HTTP/1.1 requests only, rejected ambiguous framing such as invalid Content-Length values, and forwarded a single Transfer-Encoding: chunked header for chunked requests. Mitigation: Pingora users should upgrade to Pingora v0.8.0 or higher that fixes this issue by correctly parsing message length headers per RFC 9112 and strictly adhering to more RFC guidelines, including that HTTP request bodies are never close-delimited. As a workaround, users can reject certain requests with an error in the request filter logic in order to stop processing bytes on the connection and disable downstream connection reuse. The user should reject any non-HTTP/1.1 request, or a request that has invalid Content-Length, multiple Transfer-Encoding headers, or Transfer-Encoding header that is not an exact “chunked” string match.CVE-2026-2835
  2. An HTTP request smuggling vulnerability (CWE-444) was found in Pingora's handling of HTTP/1.1 connection upgrades. The issue occurs when a Pingora proxy reads a request containing an Upgrade header, causing the proxy to pass through the rest of the bytes on the connection to a backend before the backend has accepted the upgrade. An attacker can thus directly forward a malicious payload after a request with an Upgrade header to that backend in a way that may be interpreted as a subsequent request header, bypassing proxy-level security controls and enabling cross-user session hijacking. Impact This vulnerability primarily affects standalone Pingora deployments where a Pingora proxy is exposed to external traffic. An attacker could exploit this to: * Bypass proxy-level ACL controls and WAF logic * Poison caches and upstream connections, causing subsequent requests from legitimate users to receive responses intended for smuggled requests * Perform cross-user attacks by hijacking sessions or smuggling requests that appear to originate from the trusted proxy IP Cloudflare's CDN infrastructure was not affected by this vulnerability, as ingress proxies in the CDN stack maintain proper HTTP parsing boundaries and do not prematurely switch to upgraded connection forwarding mode. Mitigation: Pingora users should upgrade to Pingora v0.8.0 or higher As a workaround, users may return an error on requests with the Upgrade header present in their request filter logic in order to stop processing bytes beyond the request header and disable downstream connection reuse.CVE-2026-2833
  3. cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom exception handler via set_exception_handler(), the library catches the exception and writes its message directly into the HTTP response as a header named EXCEPTION_WHAT. This header is sent to whoever made the request, with no authentication check and no special configuration required to trigger it. The behavior is on by default. A developer who does not know to opt in to set_exception_handler() will ship a server that leaks internal exception messages to any client. This vulnerability is fixed in 0.35.0.CVE-2026-28434
  4. METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the software, granting unauthorized access to modify configuration, read and alter sensitive data, or disrupt services.CVE-2026-2249
  5. User-controlled header names and values containing newlines can allow injecting HTTP headers.CVE-2026-0865

References

Sources include official advisories and independent security research.