CVE-2023-50224

Confirmed PUBLISHED

TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability

TP-Link · TL-WR841N

1 day faster than CISA KEV

Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
6.5 Medium EPSS 17.5%

At a Glance

TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. . Was ZDI-CAN-19899.

cisa edge
CVE Published
May 03, 2024
Exploitation Reported
Jun 01, 2026
CVSS
6.5 Medium
EPSS
17.5%
Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
tp-link
tl-wr841n_firmware

0 to < 12.0

Affected
TP-Link
TL-WR841N

3.16.9 build 200409

Affected

CVE References

  • vendor-provided URL tp-link.com · Vendor Advisory https://www.tp-link.com/en/support/download/tl-wr841n/v12/#Firmware
  • ZDI-23-1808 zerodayinitiative.com · CVE Record https://www.zerodayinitiative.com/advisories/ZDI-23-1808/

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.