CVE-2023-50224 - TP-Link TL-WR841N
AI Vulnerability ContextTP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from impro...
Overview
A source-backed snapshot of this vulnerability.
TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. . Was ZDI-CAN-19899.
Vulnerability status
How serious this vulnerability is and whether it is known to be exploited.
- CVE ID
- CVE-2023-50224
- Vendor/project
- TP-Link
- Product
- TL-WR841N
- Vulnerability name
- TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability
- Date added
- 2025-09-03
- Due date
- 2025-09-24
- Known ransomware campaign use
- Unknown
- CVSS v3
- 6.5
Exploit context
What the vulnerability is about.
TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. . Was ZDI-CAN-19899.
Source evidence
Original public records and references for this page.
Original source
Original source links
Open the public records and source datasets used for this page.
