CVE-2024-57040
Published: 26 February 2025
Summary
CVE-2024-57040 is a critical-severity Use of Hard-coded Credentials (CWE-798) vulnerability in TP-Link TL-WR845N firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 14.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).
Deeper analysis
TP-Link TL-WR845N routers running firmware versions TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 contain a hardcoded root password that can be recovered through firmware analysis or brute-force attempts after physical access. The flaw is tracked as CVE-2024-57040 with a CVSS 3.1 score of 9.8 and is classified under CWE-798 for use of hard-coded credentials.
An attacker with network reachability can leverage the credential to obtain full administrative control, resulting in complete compromise of confidentiality, integrity, and availability without requiring authentication or user interaction. Physical proximity enables direct brute-force attempts on the exposed root account.
The vendor states that the issue is resolved in firmware version 250401 and later. A technical report detailing the password recovery process is available at the referenced URL.
EPSS for the vulnerability rose from low values to a recorded peak of 0.0970 on 2026-04-06 before receding to the current score of 0.0264, indicating a period of increased exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-5279
Vulnerability details
TP-Link TL-WR845N devices with firmware TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain a hardcoded password for the root account which can be obtained by analyzing downloaded firmware or via a brute force attack through physical access to the router. NOTE:…
The supplier has stated that this issue was fixed in firmware versions 250401 or later.
Related Threats
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
Hardcoded root credentials directly enable remote unauthenticated access to a public-facing network device (T1190) via default/valid accounts (T1078.001).
Mitigating Controls (NIST 800-53 r5) [AI]
- SI-2 (Flaw Remediation): directly addresses the vulnerability by requiring timely remediation of flaws, such as applying the vendor's patched firmware versions that remove the hardcoded root password.
- IA-5 (Authenticator Management): mandates secure management of authenticators, including prohibitions on hardcoded credentials, preventing extraction and use of the root password from firmware analysis.
- Enables management of privileged accounts like root by disabling unnecessary accounts or enforcing secure credential changes, mitigating exploitation even if the hardcoded password is known.
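As a defender-side check for the authenticator-management point above (an added example, not code from this page or from the vendor): audit the extracted root filesystem of a firmware image for accounts whose password hash is baked into /etc/passwd or /etc/shadow. The file contents below are constructed samples, and `find_hardcoded_accounts` and `classify_hash` are this example's own names.

```python
"""Flag accounts with a usable password hash baked into an extracted firmware root
filesystem (CWE-798). Sample files are constructed, not from the TL-WR845N image."""
import re

LOCKED = {"*", "!", "!!", "!*"}          # hash fields that allow no password login
HASH_TYPES = {"$1$": "md5crypt", "$5$": "sha256crypt", "$6$": "sha512crypt",
              "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt"}

def classify_hash(field):
    """Label a crypt(3) hash field, or return None if it grants no login."""
    if field in LOCKED:
        return None
    if field == "":
        return "empty-password"            # login with no password at all
    for prefix, name in HASH_TYPES.items():
        if field.startswith(prefix):
            return name
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return "descrypt"                  # legacy 13-character DES crypt
    return "unknown"

def find_hardcoded_accounts(passwd_text, shadow_text=""):
    """Return (user, uid, source, hash_type) for each account with a usable baked-in hash."""
    shadow = {}
    for line in shadow_text.splitlines():
        if line and not line.startswith("#"):
            user, field = line.split(":", 2)[:2]
            shadow[user] = field
    findings = []
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) < 7 or line.startswith("#"):
            continue
        user, field, uid = parts[0], parts[1], int(parts[2])
        source = "passwd"
        if field == "x":                   # shadowed: the real hash lives in /etc/shadow
            if user not in shadow:
                continue
            field, source = shadow[user], "shadow"
        kind = classify_hash(field)
        if kind is not None:
            findings.append((user, uid, source, kind))
    return findings

# Constructed sample of an extracted root filesystem (hash values are placeholders).
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/bin/false
admin:$1$saltsalt$PLACEHOLDERHASHVALUE00:0:0::/:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/false"""
SAMPLE_SHADOW = "root:$1$saltsalt$PLACEHOLDERHASHVALUE00:0:0:99999:7:::\nnobody:*:0:0:99999:7:::\n"
```

Run the audit over every passwd/shadow pair found in the unpacked image; any uid 0 account reported here is a hard-coded credential that a firmware update must remove or that must be rotated on first boot.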