CRITICAL🇵🇱 Wersja polska

CVE-2024-46340

CVSS 9.8v3.1pub. 2024-12-10upd. 2025-06-20

TL-WR845N(UN)_V4_201214, TP-Link TL-WR845N(UN)_V4_200909, and TL-WR845N(UN)_V4_190219 was discovered to transmit user credentials in plaintext after executing a factory reset.

🤖 AI Analysis
How it works

After performing a factory reset to default settings, the device transmits user authentication data (e.g., passwords) in plaintext over the network without any encryption. An attacker capable of monitoring network traffic in the same network segment or on the transmission path can intercept this data without any additional privileges or user interaction. This is inconsistent with security best practices classified as CWE-312 (storage/transmission of sensitive data in unencrypted form).

Impact

An attacker can intercept user authentication data (login and password), which consequently allows for taking full administrative control over the device and potentially over the local network behind it.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Temporarily, it is recommended to avoid performing factory reset of the device in untrusted network environments and to monitor network traffic for transmission of authentication data in plaintext.

Who is affected

TP-Link TL-WR845N(UN) firmware versions: V4_201214, V4_200909, and V4_190219

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tp Link Tl Wr845n

    HW
    Tp-Link
    v4
  • Tp Link Tl Wr845n Firmware

    OS
    Tp-Link
    190219200909201214
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-57040CRITICAL9.8PL ✓ten sam produkt

TP-Link TL-WR845N — zakodowane na stałe hasło roota (hardcoded password)

CVE-2024-46341HIGH8.0ten sam produkt

TP-Link TL-WR845N(UN)_V4_190219 was discovered to transmit credentials in base64 encoded form, which can be ea...

CVE-2024-50699HIGH8.0ten sam produkt

TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contai...

CVE-2025-15551MEDIUM5.9ten sam produkt

The response coming from TP-Link Archer MR200 v5.2, C20 v5 and v6, TL-WR850N v3, and TL-WR845N v4 for any requ...

CVE-2025-6542CRITICAL9.3PL ✓ten sam vendor

Zdalne wykonanie poleceń OS bez uwierzytelnienia w routerach TP-Link Omada