CVE-2024-50699 identifies a critical security weakness in TP-Link TL-WR845N(UN) V4 routers, specifically versions dated 2019-02-19, 2020-09-09, and 2020-12-14. The vulnerability stems from weak default administrator credentials embedded in the firmware, classified under CWE-522 (Insufficiently Protected Credentials). An attacker with access to the local network or via remote access if exposed could leverage these default credentials to authenticate as an administrator without needing to guess or brute force passwords. This grants full control over the router’s configuration, enabling actions such as intercepting or redirecting traffic, deploying malicious firmware, or disrupting network availability. The CVSS v3.1 vector (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates that the attack vector is adjacent network (e.g., Wi-Fi or LAN), requires low attack complexity, low privileges, no user interaction, and impacts confidentiality, integrity, and availability at a high level. Although no known exploits are currently reported in the wild, the vulnerability’s nature and severity make it a significant risk, especially in environments where these routers are deployed without additional network segmentation or security controls. No official patches or firmware updates have been linked yet, emphasizing the need for immediate mitigation through configuration changes and network controls.

The exploitation of this vulnerability can lead to complete compromise of affected TP-Link TL-WR845N(UN) V4 routers. Attackers gaining administrative access can manipulate network traffic, steal sensitive data, inject malware, or cause denial of service by misconfiguring or disabling the device. This threatens the confidentiality, integrity, and availability of all network communications passing through the router. Organizations relying on these routers for critical network infrastructure, including small to medium enterprises, home offices, and possibly some larger deployments, face risks of data breaches, espionage, and operational disruption. The vulnerability’s ease of exploitation and high impact make it a significant threat to network security, especially in environments lacking strong network segmentation or monitoring. The absence of known exploits in the wild currently reduces immediate risk but does not diminish the urgency for remediation given the potential damage.

1. Immediately change the default administrator credentials on all affected TP-Link TL-WR845N(UN) V4 routers to strong, unique passwords. 2. Restrict administrative access to the router by limiting management interfaces to trusted IP addresses or VLANs and disabling remote management if not required. 3. Segment the network to isolate critical systems from devices using these routers, reducing the attack surface. 4. Monitor network traffic for unusual activity that could indicate exploitation attempts, such as unexpected configuration changes or unauthorized access. 5. Regularly check TP-Link’s official channels for firmware updates or security advisories addressing this vulnerability and apply patches promptly when available. 6. Consider replacing affected devices with models that have stronger security postures if firmware updates are not forthcoming. 7. Educate users and administrators about the risks of default credentials and enforce policies to avoid their use in any network device.