CVE-2024-57040
Published: 26 February 2025
Summary
CVE-2024-57040 is a critical-severity Use of Hard-coded Credentials (CWE-798) vulnerability in TP-Link TL-WR845N firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 9.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly addresses the vulnerability by requiring timely remediation of flaws, such as applying the vendor's patched firmware versions that remove the hardcoded root password.
Mandates secure management of authenticators including prohibitions on hardcoded credentials, preventing extraction and use of the root password from firmware analysis.
Enables management of privileged accounts like root by disabling unnecessary accounts or enforcing secure credential changes, mitigating exploitation even if the hardcoded password is known.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Hardcoded root credentials directly enable remote unauthenticated access to a public-facing network device (T1190) via default/valid accounts (T1078.001).
NVD Description
TP-Link TL-WR845N devices with firmware TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain a hardcoded password for the root account which can be obtained by analyzing downloaded firmware or via a brute force attack through physical access to the router. NOTE:…
The supplier has stated that this issue was fixed in firmware versions 250401 or later.
Deeper analysis
CVE-2024-57040 is a critical-severity vulnerability (CVSS 3.1 score of 9.8) involving a hardcoded password for the root account in TP-Link TL-WR845N routers running firmware versions TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219. This issue, classified under CWE-798 (Use of Hard-coded Credentials), allows the root password to be extracted by analyzing publicly downloadable firmware images or through brute-force attacks requiring physical access to the device.
Attackers with network access can exploit this remotely by downloading and reverse-engineering the firmware to obtain the hardcoded credentials, granting unauthenticated root-level access without privileges, user interaction, or special conditions. Physical proximity enables brute-force attempts on the device itself. Successful exploitation provides high-impact confidentiality, integrity, and availability compromise, potentially allowing full device takeover, configuration changes, data exfiltration, or use as a pivot for further network attacks.
The supplier states that the vulnerability is addressed in firmware versions 250401 and later. Security practitioners should verify and upgrade affected TL-WR845N devices to these patched versions, restrict physical access, and monitor for unauthorized root logins. Additional details are available in the referenced advisory at https://security.iiita.ac.in/iot/hashed_password.pdf.
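To support the "verify and upgrade" step, the following added example (not from the advisory or from TP-Link) triages a device inventory by firmware identifier, using only the affected builds and the fixed-from build stated above. The inventory entries, hostnames and status labels are constructed for illustration, and the identifier pattern is assumed from the two firmware strings quoted on this page.

```python
import re
from collections import defaultdict

# Values taken from the advisory text on this page.
MODEL = "TL-WR845N"
AFFECTED_IDS = {"TL-WR845N(UN)_V4_200909", "TL-WR845N(UN)_V4_190219"}
FIXED_FROM = "250401"  # supplier: fixed in firmware versions 250401 or later

# Assumed identifier shape, inferred from the strings above:
#   <model>(<region>)_V<hardware rev>_<YYMMDD build>
FW_RE = re.compile(
    r"^(?P<model>[A-Z0-9-]+)\((?P<region>[A-Z]+)\)_V(?P<hw>\d+)_(?P<build>\d{6})$"
)

def classify(fw_id):
    """Return a triage status (labels are this example's own) for one firmware id."""
    fw_id = fw_id.strip()
    m = FW_RE.match(fw_id)
    if not m:
        return "unparsed"            # needs a human to read the version string
    if m["model"] != MODEL:
        return "out-of-scope"        # a different product, not covered by this CVE
    if fw_id in AFFECTED_IDS:
        return "affected"            # explicitly named as vulnerable
    if m["build"] >= FIXED_FROM:     # equal-length YYMMDD strings sort by date
        return "fixed"
    # Older than the fix but not named in the advisory: do not assume it is safe.
    return "unlisted-pre-fix"

def triage(inventory):
    """Group (host, firmware id) pairs by status."""
    groups = defaultdict(list)
    for host, fw_id in inventory:
        groups[classify(fw_id)].append(host)
    return dict(groups)

# Constructed sample inventory (hostnames and versions are illustrative only).
INVENTORY = [
    ("rtr-branch-01", "TL-WR845N(UN)_V4_200909"),
    ("rtr-branch-02", "TL-WR845N(UN)_V4_190219"),
    ("rtr-branch-03", "TL-WR845N(UN)_V4_250401"),
    ("rtr-branch-04", "TL-WR845N(UN)_V4_230512"),
    ("rtr-lab-01", "TL-WR841N(EU)_V14_200909"),
    ("rtr-lab-02", "3.16.9 Build 200909"),
]

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```

Devices reported as `affected` or `unlisted-pre-fix` are the ones to schedule for upgrade and to watch for root logins in the meantime.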
Details
- CWE(s)