CVE-2024-57040: n/a
TP-Link TL-WR845N devices with firmware TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discovered to contain a hardcoded password for the root account which can be obtained by analyzing downloaded firmware or via a brute force attack through physical access to the router. NOTE: The supplier has stated that this issue was fixed in firmware versions 250401 or later.
AI Analysis
Technical Summary
CVE-2024-57040 identifies a critical vulnerability in TP-Link TL-WR845N routers running firmware versions TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219. These versions contain a hardcoded root password (CWE-798) that can be extracted by analyzing the firmware image or brute forced through physical access to the router. This flaw allows an unauthenticated attacker to gain root-level access remotely over the network. The supplier has released fixed firmware versions 250401 or later to remediate this issue.
Potential Impact
Exploitation of this vulnerability grants an attacker full administrative control over affected TP-Link TL-WR845N devices, potentially leading to complete compromise of the router, interception or manipulation of network traffic, and disruption of network services. The CVSS score of 9.8 reflects the high impact on confidentiality, integrity, and availability. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
The supplier has fixed this vulnerability in firmware version 250401 or later. Users of affected TP-Link TL-WR845N devices should upgrade their firmware to version 250401 or newer to remediate the issue. Until the update is applied, physical access to the device should be restricted to prevent brute force attacks. Patch status is confirmed by the supplier advisory.
CVE-2024-57040: n/a
Description
TP-Link TL-WR845N devices with firmware TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discovered to contain a hardcoded password for the root account which can be obtained by analyzing downloaded firmware or via a brute force attack through physical access to the router. NOTE: The supplier has stated that this issue was fixed in firmware versions 250401 or later.
CVSS v3.1
Score 9.8critical
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-57040 identifies a critical vulnerability in TP-Link TL-WR845N routers running firmware versions TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219. These versions contain a hardcoded root password (CWE-798) that can be extracted by analyzing the firmware image or brute forced through physical access to the router. This flaw allows an unauthenticated attacker to gain root-level access remotely over the network. The supplier has released fixed firmware versions 250401 or later to remediate this issue.
Potential Impact
Exploitation of this vulnerability grants an attacker full administrative control over affected TP-Link TL-WR845N devices, potentially leading to complete compromise of the router, interception or manipulation of network traffic, and disruption of network services. The CVSS score of 9.8 reflects the high impact on confidentiality, integrity, and availability. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
The supplier has fixed this vulnerability in firmware version 250401 or later. Users of affected TP-Link TL-WR845N devices should upgrade their firmware to version 250401 or newer to remediate the issue. Until the update is applied, physical access to the device should be restricted to prevent brute force attacks. Patch status is confirmed by the supplier advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2025-01-09T00:00:00.000Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e8fb7e19fe3cd2cdd20ea9
Added to database: 4/22/2026, 4:46:54 PM
Last enriched: 4/22/2026, 5:01:06 PM
Last updated: 6/6/2026, 10:07:21 PM
Views: 66
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.