Description

A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory. When adding Referer: http://tplinkwifi.net to the the request, it will be recognized as passing the authentication. NOTE: this is disputed by the Supplier because the response to the API call is only "non-sensitive UI initialization variables."

INFO

Published Date :

2025-02-18T00:00:00.000Z

Last Modified :

2026-02-12T05:03:22.325Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-57049 vulnerability.

Vendors Products
Tp-link
  • Archer C20
  • Archer C20 Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-57049.

URL Resource
https://github.com/Shuanunio/CVE_Requests/blob/main/TP-Link/archer%20c20/ACL%20bypass%20Vulnerability%20in%20TP-Link%20archer%20c20.md cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact