CVE-2024-46341 identifies a vulnerability in the TP-Link TL-WR845N(UN)_V4_190219 router where credentials are transmitted in base64 encoded form rather than being properly encrypted. Base64 encoding is a reversible transformation that does not provide any cryptographic security, allowing attackers who can intercept network traffic to easily decode and obtain sensitive authentication credentials. This vulnerability arises from improper handling of credential transmission, classified under CWE-522 (Insufficiently Protected Credentials). The attack vector requires an attacker to be in a position to perform a man-in-the-middle attack, such as being on the same local network or controlling a network segment. The CVSS 3.1 vector indicates the attack complexity is low, privileges required are low, and no user interaction is needed, but the attack vector is adjacent network (AV:A), meaning the attacker must have some network access. The impact is high across confidentiality, integrity, and availability, as attackers can gain unauthorized access to the router, potentially altering configurations, intercepting traffic, or disrupting network services. No patches or fixes have been published at the time of disclosure, and no known exploits have been observed in the wild. The vulnerability was reserved in September 2024 and published in December 2024. Given the widespread use of TP-Link routers globally, this vulnerability poses a significant risk to home and small office networks that rely on this device model.

The vulnerability allows attackers to intercept and decode router credentials easily, leading to unauthorized access to the device. This can compromise the confidentiality of network traffic, allow attackers to modify router settings (integrity impact), and disrupt network availability by changing configurations or launching denial-of-service attacks. Organizations using the affected router model risk exposure of internal network credentials, potential lateral movement within networks, and loss of control over network infrastructure. The ease of exploitation combined with the critical role of routers in network security elevates the threat to a high level. Attackers do not require user interaction, increasing the likelihood of automated or opportunistic attacks. The absence of patches increases exposure time, and the lack of known exploits in the wild suggests the vulnerability is newly disclosed but could be targeted soon. The impact is particularly severe for small businesses and home users who may lack advanced network monitoring and segmentation controls.

1. Immediately disable remote management interfaces on the affected TP-Link TL-WR845N(UN)_V4_190219 routers to reduce exposure to remote attackers. 2. Use network segmentation to isolate vulnerable routers from critical internal networks and sensitive systems, limiting the attack surface. 3. Enforce the use of encrypted management protocols such as HTTPS or SSH if supported, avoiding transmission of credentials in clear or base64 encoded form. 4. Monitor network traffic for signs of man-in-the-middle attacks, such as unexpected ARP spoofing or rogue DHCP servers. 5. Replace or upgrade affected devices with models that implement proper credential encryption and secure management practices. 6. If firmware updates become available, apply them promptly to remediate the vulnerability. 7. Educate users about the risks of connecting to untrusted networks where MitM attacks are more feasible. 8. Employ network intrusion detection systems (NIDS) to detect anomalous traffic patterns indicative of credential interception attempts. 9. Consider using VPNs or other encrypted tunnels to protect management traffic until a patch is available. 10. Maintain an inventory of network devices to quickly identify and isolate vulnerable hardware.