vendor:
TL-WR849N
by:
Elber Tavares
7.5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: TL-WR849N
Affected Version From: TL-WR849N 0.9.1 4.16
Affected Version To: TL-WR849N 0.9.1 4.16
Patch Exists: YES
Related CWE: CVE-CVE-2019-19143
CPE: h:tp-link:tl-wr849n
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: Linux, Windows
2019
TL-WR849N 0.9.1 4.16 – Authentication Bypass (Upload Firmware)
Uploading new firmware without access to the panel
Mitigation:
Ensure that authentication is required for all firmware uploads and that only authorized users are allowed to upload firmware.
