CVE-2019-19143

Published: 27/01/2020 Updated: 01/02/2023
CVSS v2 Base Score: 4.1 | Impact Score: 4.9 | Exploitability Score: 5.1
CVSS v3 Base Score: 6.1 | Impact Score: 5.2 | Exploitability Score: 0.9
VMScore: 415
Vector: AV:A/AC:L/Au:S/C:P/I:P/A:N

Vulnerability Summary

TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi/softup URI.

Vulnerable Product

tp-link tl-wr849n_firmware 0.9.1_4.16

Exploits

# Exploit Title: TL-WR849N 0.9.1 4.16 - Authentication Bypass (Upload Firmware)
# Date: 2019-11-20
# Exploit Author: Elber Tavares
# Vendor Homepage: www.tp-link.com/
# Software Link: www.tp-link.com/br/support/download/tl-wr849n/#Firmware
# Version: TL-WR849N 0.9.1 4.16
# Tested on: linux, windows
# CVE : CVE-2019-19143
Upload ...

TP-Link TL-WR849N version 0.9.1 4.16 suffers from a firmware upload authentication bypass vulnerability ...

Github Repositories

OpenSource Repo with PoC's and vulns found in routers
TP LINK TL-WR849N - REMOTE COMMAND EXECUTION PoC [CVE-2020-9374]
- TP LINK TL-WR849N - REMOTE COMMAND EXECUTION PoC Payload: "$(ls)"
TP LINK TL-WR849N - Auth Bypass: Firmware and Configs update
TP LINK TL-WR849N - REMOTE COMMAND EXECUTION PoC Payload: curl -X GET -H