CVE-2023-50224
Published May 3, 2024
Last updated 6 months ago
AI description
CVE-2023-50224 is an information disclosure vulnerability affecting TP-Link TL-WR841N routers. It exists within the httpd service, which typically listens on TCP port 80. The vulnerability allows a network-adjacent attacker to send a crafted HTTP request to obtain sensitive information, such as stored credentials, without authentication. This could lead to further compromise of the affected system. The vulnerability is due to improper authentication within the httpd service. An attacker can exploit this to disclose stored credentials located in "/tmp/dropbear/dropbearpwd". CISA has added this flaw to its Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild.
- Description
- TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. . Was ZDI-CAN-19899.
- Source
- zdi-disclosures@trendmicro.com
- NVD status
- Analyzed
- Products
- tl-wr841n_firmware
CVSS 3.0
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
Data from CISA
- Vulnerability name
- TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability
- Exploit added on
- Sep 3, 2025
- Exploit action due
- Sep 24, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- zdi-disclosures@trendmicro.com
- CWE-290
- Hype score
- Not currently trending
Top 5 Trending CVEs: 1 - CVE-2024-7399 2 - CVE-2023-50224 3 - CVE-2025-48700 4 - CVE-2025-20333 5 - CVE-2026-5281 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
25 Apr 2026
226 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Netomize shares the PacketSmith Yara detection module rule and a pcap for detecting attempted exploitation of the CVE-2023-50224 vulnerability in TP-Link TL-WR841N devices. #apt28 #CVE-2023-50224 https://t.co/gpn0NrkKFU
@PacketSmith
21 Apr 2026
56 Impressions
2 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
DOJ/FBI took down APT28's DNS hijack infrastructure. GRU hiding in TP-Link routers since 2024—CVE-2023-50224, CVSS 6.5, "minor" auth bypass. Thousands owned via DHCP DNS redirect. Infra cut. Routers? Still compromised. Remote workers, branch offices—check DNS now.
@CisoRaging77913
13 Apr 2026
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
APT28 exploited CVE-2023-50224 in 18,000+ TP-Link routers to hijack DNS traffic across 120 countries. Attackers redirected queries through malicious servers, intercepting credentials and enabling large-scale espionage. Runtime segmentation helps contain such infrastructure-based
@aviatrixtrc
10 Apr 2026
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TP-Linkルーター、サポート終了なら今夜確認を 20機種がGRUに掌握されDNSを書き換えられていた /Archer C5・WR841N・CVE-2023-50224・APT28・Outlook. https://t.co/GFrjhyXiIu
@koromo_master
10 Apr 2026
134 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Votre MFA est contournée si votre routeur est vulnérable ! APT28 utilise CVE-2023-50224 pour attaques "AiTM" et voler vos tokens. Sécurisez vos équipements de bordure. #CyberResilience https://t.co/qBx5WYif4v https://t.co/MjWdFPhVZR
@LeMagIT
10 Apr 2026
170 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
APT28 exploited CVE-2023-50224 in SOHO routers to hijack DNS settings, redirecting traffic through attacker-controlled infrastructure. The campaign intercepted credentials from 5,000+ devices across 120 countries via adversary-in-the-middle attacks. Runtime segmentation helps
@aviatrixtrc
9 Apr 2026
41 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Russian 🇷🇺 APT28 (GRU Unit 26165) exploits vulnerable routers including TP-Link WR841N via CVE-2023-50224 to hijack DNS settings for adversary-in-the-middle attacks. Campaign targets email/login traffic for credential harvesting. #DFIR_Radar
@DFIR_Radar
9 Apr 2026
174 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
"Finnish authorities participated in an international operation to disrupt the cyber espionage activities of the Russian military intelligence service GRU." 👉TP-Link routers that had not been patched for a vulnerability known as CVE-2023-50224. https://t.co/vNBmhEew6o
@AOPIRS
8 Apr 2026
72 Impressions
1 Retweet
2 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CISA Flags TP-Link Router Flaws 🚨 CVE-2023-50224 & CVE-2025-9377 added to KEV catalog — both are under active exploitation, threatening home & enterprise networks. 👉 Full blog: https://t.co/fPs67oC1gP
@vulert_official
29 Sept 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited #CISO https://t.co/pVcPadyS1D https://t.co/93QKHz7s75
@compuchris
18 Sept 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA adds TP-Link router flaws (CVE-2023-50224 & CVE-2025-9377) to its KEV catalog. Attackers are exploiting them NOW. Upgrade your hardware ASAP. Read More: https://t.co/eSJqkpwXhc #CyberSecurity #CISA #tplink #CVE202350224 #CVE20259377 #Canada #CanadaCyberAwareness
@FindSecCyber
8 Sept 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: La Settimana Cibernetica del 7 settembre 2025 🔹aggiornamenti per molteplici prodotti 🔹Rilevato sfruttamento in rete delle CVE-2023-50224 e CVE-2025-9377 relative a prodotti TP-Link 🔹Sitecore: rilevato sfruttamento di vulnerabilità zero-day … https://t.co/FJ
@Vulcanux_
8 Sept 2025
92 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
La Settimana Cibernetica del 7 settembre 2025 🔹aggiornamenti per molteplici prodotti 🔹Rilevato sfruttamento in rete delle CVE-2023-50224 e CVE-2025-9377 relative a prodotti TP-Link 🔹Sitecore: rilevato sfruttamento di vulnerabilità zero-day ⚠️#EPSS 🔗https://t.c
@csirt_it
8 Sept 2025
125 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
به تازگی ۲ آسیب پذیری با کدهای شناسایی CVE-2025-9377 برای مودم TP-Link مدل Archer C7(EU) از نوع OS command execution و آسیب پذیری با کد شناسایی CVE-2023-50224 برای مدل TL-WR841N از نوع authentication
@AmirHossein_sec
6 Sept 2025
120 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/J7WHEhguth #CyberSecurity
@EpicPlain
5 Sept 2025
91 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added TP-Link TL-WR841N/ND and Archer C7 vulnerabilities CVE-2023-50224 & CVE-2025-9377 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/dlW52Mc5jG & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co
@sirjameshackz
4 Sept 2025
95 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA señala las fallas CVE-2023-50224 y CVE-2025-9377 del enrutador TP-Link como explotadas activamente. CISA agregó dos vulnerabilidades de TP-Link a su lista de fallas explotadas activamente. #ciberseguridad #cybersecurity https://t.co/1rB6PVxlpN
@EHCGroup
4 Sept 2025
26 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA Flags TP-Link Router #flaws #CVE-2023-50224 and #CVE-2025-9377 as Actively Exploited https://t.co/pYBBIXe91t
@AdliceSoftware
4 Sept 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Actively Exploited TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 #CyberSecurity #TPLink #CISA #CVE202350224 #CVE20259377 #RouterSecurity #HackingNews #Infosec #DataBreach #NetworkSecurity https://t.co/8mEvwasehs
@cyashadotcom
4 Sept 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼️#TP-Link: rilevato lo sfruttamento attivo in rete delle vulnerabilità CVE-2023-50224 e CVE-2025-9377 Rischio: 🔴 Tipologia: 🔸 Authentication Bypass 🔸 Information Disclosure 🔸 Remote Code Execution 🔸 Spoofing 🔗 https://t.co/qpiAHIYDFP … https
@Vulcanux_
4 Sept 2025
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼️#TP-Link: rilevato lo sfruttamento attivo in rete delle vulnerabilità CVE-2023-50224 e CVE-2025-9377 Rischio: 🔴 Tipologia: 🔸 Authentication Bypass 🔸 Information Disclosure 🔸 Remote Code Execution 🔸 Spoofing 🔗 https://t.co/ZqYm1FX2Pg ⚠ Mitigazioni di
@csirt_it
4 Sept 2025
45 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA flags actively exploited TP-Link router flaw CVE-2023-50224 in its KEV catalog. Update your devices now! 🚨 https://t.co/XzWp99oNp9 #CISA #TPLink #Cybersecurity #Vulnerability #RouterFlaw
@0xT3chn0m4nc3r
4 Sept 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/D3XOcDdxKE
@chundefined
4 Sept 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/QXAF904nde https://t.co/eDmNEqvFDm
@talentxfactor
4 Sept 2025
82 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/czvUvdXA06
@molari999
4 Sept 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Hacker News - CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/WPfsjeM2rz
@buzz_sec
4 Sept 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 أضافت وكالة الأمن السيبراني والبنية التحتية الأمريكية (CISA) ثغرتين أمنيّتين في أجهزة توجيه TP-Link إلى قائمة الثغرات المستغلة، مشيرةً إلى وجود أدلة على اس
@Cybercachear
4 Sept 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/QUyPzlSG5p
@DemolisherDigi
4 Sept 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/a2vvN2KHXn https://t.co/Sfb3Bn73zs
@RigneySec
4 Sept 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited https://t.co/sFkBewug5b https://t.co/cAuXz7aybz
@evanderburg
4 Sept 2025
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2023-50224 #TP-Link #TL-WR841N Authentication Bypass by Spoofing Vulnerability https://t.co/5RlaOj7mPS
@ScyScan
3 Sept 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added TP-Link TL-WR841N/ND and Archer C7 vulnerabilities CVE-2023-50224 & CVE-2025-9377 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co
@CISACyber
3 Sept 2025
6923 Impressions
39 Retweets
71 Likes
7 Bookmarks
6 Replies
2 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wr841n_firmware:3.16.9:build_200409:*:*:*:*:*:*",
"matchCriteriaId": "02C7E519-F7A1-419F-BD07-B919A21E966E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wr841n:12:*:*:*:*:*:*:*",
"matchCriteriaId": "E855A3D8-9968-4DF9-890D-62028472A11B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]