What is CVE-2024-57040?

A critical vulnerability in TP-Link TL-WR845N firmware exposes root account due to hardcoded password. Immediate action is required to mitigate risks.

What is the severity of CVE-2024-57040?

CVE-2024-57040 has a severity rating of CRITICAL with a CVSS base score of 9.8.

CVE-2024-57040 | Critical Vulnerability in TP-Link TL-WR845N Firmware

CVE-2024-57040 is a critical vulnerability affecting specific versions of the TP-Link TL-WR845N firmware. This vulnerability allows unauthorized access to the router's root account due to a hardcoded password. Attackers may leverage this flaw to gain full control over the affected devices, posing significant risks to network security.

The severity level is classified as critical with a CVSS score of 9.8, indicating a severe threat to organizations that utilize these devices. The vulnerability can be exploited remotely, and its impact encompasses high confidentiality, integrity, and availability risks.

Organizations should prioritize patching immediately to mitigate the risks associated with this vulnerability. Exploitation is possible through firmware analysis or brute force attacks with physical access to the router.

As of now, this vulnerability has been confirmed with no public exploit available but a proof-of-concept has been found on GitHub. Organizations are advised to address this vulnerability as part of their immediate remediation efforts.

Vulnerability Details

This vulnerability allows a hardcoded password access to the root account on the TL-WR845N router models identified as TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219. The CVSS score is 9.8, indicating a critical severity level, and it affects the router firmware versions identified by CPEs such as 'cpe:2.3:o:tp-link:tl-wr845n_firmware:190219:*:*:*:*:*:*:*', 'cpe:2.3:o:tp-link:tl-wr845n_firmware:200909:*:*:*:*:*:*:*', and 'cpe:2.3:o:tp-link:tl-wr845n_firmware:201214:*:*:*:*:*:*:*'.

The vulnerability was published on February 26, 2025, and is classified under the CWE-798 category.

Technical Analysis

The root cause of this vulnerability stems from the presence of a hardcoded password in the firmware, allowing attackers to gain unauthorized access to the root account. The attack vector is network-based, with low complexity and no privileges required for exploitation.

Since no user interaction is required, and with high impacts to confidentiality, integrity, and availability, the potential for significant damage is substantial.

Risk & Impact Analysis

Risk to organizations includes unauthorized access to sensitive network configurations, potential data breaches, and disruption of network availability. The urgency for addressing this vulnerability is high, given its critical classification and the potential for exploitation in various environments.

Organizations should assess the blast radius of this vulnerability as it could affect any device using the vulnerable firmware, leading to widespread exploitation if not remediated promptly.

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions of the TP-Link TL-WR845N firmware are 190219, 200909, and 201214. Organizations should ensure that they are running the latest patched firmware to mitigate this vulnerability.

Mitigation & Remediation

To remediate this vulnerability, organizations should update to the latest version of the firmware as soon as it becomes available. If a patch is not yet available, immediate steps should be taken to secure the router, such as disabling remote management and changing default passwords.

For ongoing security, organizations may consider implementing penetration testing to identify similar vulnerabilities across their network.

Detection Guidance

Organizations should monitor logs for unusual access patterns, particularly from external sources, and implement network signatures to detect unauthorized access attempts.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in its representation of a broader trend in security weaknesses associated with hardcoded credentials. Organizations should take this opportunity to review their security policies and practices, ensuring that hardcoded passwords are not utilized in any systems.

For further reading on securing devices and understanding vulnerabilities, resources like the vulnerability management program can be invaluable.

Additionally, understanding penetration testing methodologies through our penetration testing methodology article will provide insights into proactive security measures.

Finally, ongoing education about security best practices as outlined in our security testing best practices guide can help organizations stay ahead of vulnerabilities like CVE-2024-57040.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2024-57040: Critical Vulnerability in TP-Link TL-WR845N Firmware