Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-57049

A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory. When adding Referer: http://tplinkwifi.net to the the request, it will be recognized as passing the authentication.

Published

2025-02-18T15:15:16.890

Last Modified

2025-06-06T17:59:07.280

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	tp-link	archer_c20_firmware	6.6_230412	Yes
Hardware	tp-link	archer_c20	6.6	No

References

https://github.com/Shuanunio/CVE_Requests/blob/main/TP-Link/archer%20c20/ACL%20bypass%20Vulnerability%20in%20TP-Link%20archer%20c20.md Exploit, Third Party Advisory ([email protected])