Cyber Resilience

CVE-2024-55211

Severity: High · Public PoC

Published: 17 April 2025
Modified: 25 April 2025
KEV Added: not listed
CVSS Score v3.1: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (2.6th percentile)
Risk Priority: 17 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-55211 is a high-severity Reliance on Cookies without Validation and Integrity Checking (CWE-565) vulnerability in Think Tk-Rt-Wr135G Firmware. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 2.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.


Vulnerability details

An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a crafted cookie.

CWE(s): CWE-565 Reliance on Cookies without Validation and Integrity Checking

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1606.001 Web Cookies (Credential Access): Adversaries may forge web cookies that can be used to gain access to web applications or Internet services.
Why these techniques?

The CVE enables authentication bypass on the router's public-facing web interface via a crafted LoginStatus cookie, facilitating exploitation for initial access and privilege escalation (T1190, T1068) and forging of web credentials (T1606.001).

Affected Assets

Vendor: think
Product: tk-rt-wr135g firmware
Version: 3.0.2-x000

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
