CVE-2024-57040

Severity: Critical
Published: 26 February 2025
Modified: 22 April 2026
KEV: not listed
Patch: available
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0264 (86.0th percentile)
Risk Priority: 21 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-57040 is a critical-severity Use of Hard-coded Credentials (CWE-798) vulnerability in TP-Link TL-WR845N firmware. Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks in the top 14.0% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).

Deeper analysis

TP-Link TL-WR845N routers running firmware versions TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 contain a hardcoded root password that can be recovered by analysing the downloaded firmware image or, given physical access to the device, by brute-forcing the root account. The flaw is tracked as CVE-2024-57040 with a CVSS 3.1 score of 9.8 and is classified under CWE-798 (Use of Hard-coded Credentials).

An attacker with network reachability to the device can use the credential to obtain full administrative control, resulting in complete compromise of confidentiality, integrity, and availability without requiring authentication or user interaction. Physical proximity additionally enables direct brute-force attempts against the exposed root account.

The vendor states that the issue is resolved in firmware version 250401 and later. A technical report detailing the password recovery process is available at the referenced URL.

EPSS for the vulnerability rose from low values to a recorded peak of 0.0970 on 2026-04-06 before receding to the current score of 0.0264, indicating a period of increased exploitation interest after disclosure.

Vulnerability details

TP-Link TL-WR845N devices with firmware TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain a hardcoded password for the root account, which can be obtained by analyzing downloaded firmware or via a brute-force attack through physical access to the router. NOTE:…

The supplier has stated that this issue was fixed in firmware versions 250401 or later.

CWE(s)

CWE-798 Use of Hard-coded Credentials

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1078.001 Default Accounts (Stealth): Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

Hardcoded root credentials directly enable remote unauthenticated access to a public-facing network device (T1190) via default/valid accounts (T1078.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-10850 (shared CWE-798)
CVE-2024-57049 (same vendor: TP-Link)
CVE-2026-0834 (same vendor: TP-Link)
CVE-2025-9292 (same vendor: TP-Link)
CVE-2026-25202 (shared CWE-798)
CVE-2026-1668 (same vendor: TP-Link)
CVE-2026-22769 (shared CWE-798)
CVE-2025-15517 (same vendor: TP-Link)
CVE-2026-34121 (same vendor: TP-Link)
CVE-2026-1221 (shared CWE-798)

Affected Assets

TP-Link TL-WR845N firmware, versions 190219, 200909, 201214

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): Directly addresses the vulnerability by requiring timely remediation of flaws, such as applying the vendor's patched firmware versions that remove the hardcoded root password.

IA-5 Authenticator Management (prevent): Mandates secure management of authenticators, including prohibitions on hardcoded credentials, preventing extraction and use of the root password from firmware analysis.

Account management (prevent): Enables management of privileged accounts like root by disabling unnecessary accounts or enforcing secure credential changes, mitigating exploitation even if the hardcoded password is known.
