CVE-2023-50224

Published May 3, 2024

Last updated 11 days ago

Exploit knownCVSS medium 6.5
TP-Link

Overview

AI description

Automated description summarized from trusted sources.

CVE-2023-50224 is an information disclosure vulnerability affecting TP-Link TL-WR841N routers. It exists within the httpd service, which typically listens on TCP port 80. The vulnerability allows a network-adjacent attacker to send a crafted HTTP request to obtain sensitive information, such as stored credentials, without authentication. This could lead to further compromise of the affected system. The vulnerability is due to improper authentication within the httpd service. An attacker can exploit this to disclose stored credentials located in "/tmp/dropbear/dropbearpwd". CISA has added this flaw to its Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild.

Description
TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. . Was ZDI-CAN-19899.
Source
zdi-disclosures@trendmicro.com
NVD status
Analyzed
Products
tl-wr841n_firmware

Risk scores

CVSS 3.0

Type
Secondary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

Known exploits

Data from CISA

Vulnerability name
TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability
Exploit added on
Sep 3, 2025
Exploit action due
Sep 24, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

zdi-disclosures@trendmicro.com
CWE-290

Social media

Hype score
Not currently trending

  1. 🚨 CISA adds TP-Link router flaws (CVE-2023-50224 & CVE-2025-9377) to its KEV catalog. Attackers are exploiting them NOW. Upgrade your hardware ASAP. Read More: https://t.co/eSJqkpwXhc #CyberSecurity #CISA #tplink #CVE202350224 #CVE20259377 #Canada #CanadaCyberAwareness

    @FindSecCyber

    8 Sept 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. csirt_it: La Settimana Cibernetica del 7 settembre 2025 🔹aggiornamenti per molteplici prodotti 🔹Rilevato sfruttamento in rete delle CVE-2023-50224 e CVE-2025-9377 relative a prodotti TP-Link 🔹Sitecore: rilevato sfruttamento di vulnerabilità zero-day … https://t.co/FJ

    @Vulcanux_

    8 Sept 2025

    92 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. La Settimana Cibernetica del 7 settembre 2025 🔹aggiornamenti per molteplici prodotti 🔹Rilevato sfruttamento in rete delle CVE-2023-50224 e CVE-2025-9377 relative a prodotti TP-Link 🔹Sitecore: rilevato sfruttamento di vulnerabilità zero-day ⚠️#EPSS 🔗https://t.c

    @csirt_it

    8 Sept 2025

    125 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. به تازگی ۲ آسیب پذیری با کدهای شناسایی CVE-2025-9377 برای مودم TP-Link مدل Archer C7(EU) از نوع OS command execution و آسیب پذیری با کد شناسایی CVE-2023-50224 برای مدل TL-WR841N از نوع authentication

    @AmirHossein_sec

    6 Sept 2025

    120 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/J7WHEhguth #CyberSecurity

    @EpicPlain

    5 Sept 2025

    91 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🛡️ We added TP-Link TL-WR841N/ND and Archer C7 vulnerabilities CVE-2023-50224 & CVE-2025-9377 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/dlW52Mc5jG & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co

    @sirjameshackz

    4 Sept 2025

    95 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CISA señala las fallas CVE-2023-50224 y CVE-2025-9377 del enrutador TP-Link como explotadas activamente. CISA agregó dos vulnerabilidades de TP-Link a su lista de fallas explotadas activamente. #ciberseguridad #cybersecurity https://t.co/1rB6PVxlpN

    @EHCGroup

    4 Sept 2025

    26 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. CISA Flags TP-Link Router #flaws #CVE-2023-50224 and #CVE-2025-9377 as Actively Exploited https://t.co/pYBBIXe91t

    @AdliceSoftware

    4 Sept 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CISA Warns of Actively Exploited TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 #CyberSecurity #TPLink #CISA #CVE202350224 #CVE20259377 #RouterSecurity #HackingNews #Infosec #DataBreach #NetworkSecurity https://t.co/8mEvwasehs

    @cyashadotcom

    4 Sept 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. csirt_it: ‼️#TP-Link: rilevato lo sfruttamento attivo in rete delle vulnerabilità CVE-2023-50224 e CVE-2025-9377 Rischio: 🔴 Tipologia: 🔸 Authentication Bypass 🔸 Information Disclosure 🔸 Remote Code Execution 🔸 Spoofing 🔗 https://t.co/qpiAHIYDFP … https

    @Vulcanux_

    4 Sept 2025

    73 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. ‼️#TP-Link: rilevato lo sfruttamento attivo in rete delle vulnerabilità CVE-2023-50224 e CVE-2025-9377 Rischio: 🔴 Tipologia: 🔸 Authentication Bypass 🔸 Information Disclosure 🔸 Remote Code Execution 🔸 Spoofing 🔗 https://t.co/ZqYm1FX2Pg ⚠ Mitigazioni di

    @csirt_it

    4 Sept 2025

    45 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  12. CISA flags actively exploited TP-Link router flaw CVE-2023-50224 in its KEV catalog. Update your devices now! 🚨 https://t.co/XzWp99oNp9 #CISA #TPLink #Cybersecurity #Vulnerability #RouterFlaw

    @0xT3chn0m4nc3r

    4 Sept 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/D3XOcDdxKE

    @chundefined

    4 Sept 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/QXAF904nde https://t.co/eDmNEqvFDm

    @talentxfactor

    4 Sept 2025

    82 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/czvUvdXA06

    @molari999

    4 Sept 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. The Hacker News - CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/WPfsjeM2rz

    @buzz_sec

    4 Sept 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. 📌 أضافت وكالة الأمن السيبراني والبنية التحتية الأمريكية (CISA) ثغرتين أمنيّتين في أجهزة توجيه TP-Link إلى قائمة الثغرات المستغلة، مشيرةً إلى وجود أدلة على اس

    @Cybercachear

    4 Sept 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/QUyPzlSG5p

    @DemolisherDigi

    4 Sept 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/a2vvN2KHXn https://t.co/Sfb3Bn73zs

    @RigneySec

    4 Sept 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/sFkBewug5b https://t.co/cAuXz7aybz

    @evanderburg

    4 Sept 2025

    70 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2023-50224 #TP-Link #TL-WR841N Authentication Bypass by Spoofing Vulnerability https://t.co/5RlaOj7mPS

    @ScyScan

    3 Sept 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🛡️ We added TP-Link TL-WR841N/ND and Archer C7 vulnerabilities CVE-2023-50224 & CVE-2025-9377 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co

    @CISACyber

    3 Sept 2025

    6923 Impressions

    39 Retweets

    71 Likes

    7 Bookmarks

    6 Replies

    2 Quotes

Configurations

References

Sources include official advisories and independent security research.