Critical Vulnerability in TP-Link TL-WR845N Routers: Hackers Can Gain Root Access

🔍 Researchers have discovered a serious security vulnerability in TP-Link TL-WR845N routers. This flaw allows attackers to gain full control over the router, monitor network traffic, and install malicious software.

Vulnerability Details

This vulnerability is identified as CVE-2024-57040 and has been assigned a CVSS score of 9.8 (Critical). According to security researchers, hardcoded root credentials have been found within the router’s firmware.

📂 These credentials are stored in the following files:
✅ squashfs-root/etc/passwd
✅ squashfs-root/etc/passwd.bak

🔑 Password: “1234”
👤 Username: “admin”

This means that experienced attackers can access these files, obtain root privileges, and take full control of the router.

Which Devices Are Affected?

📌 Security researchers confirmed that all versions of TP-Link TL-WR845N(UN) V4 are vulnerable:

🔴 TL-WR845N(UN)_V4_190219
🔴 TL-WR845N(UN)_V4_200909
🔴 TL-WR845N(UN)_V4_201214

If you own one of these devices, your router could be compromised!

How Attackers Can Exploit This Vulnerability

Researchers identified two main methods hackers can use to analyze the router’s firmware:

1️⃣ Physical Access

🔹 Attackers can extract the SPI Flash memory to retrieve and analyze the firmware files.

2️⃣ Downloading and Analyzing the Official TP-Link Firmware

🔹 The router’s firmware is publicly available on TP-Link’s official website.
🔹 It can be analyzed using tools like Binwalk.
🔹 Simple commands like cat passwd or cat passwd.bak can reveal the root username and password.

🚨 By using the UART port, attackers can gain root shell access and take full control of the router.

Potential Security Risks

❌ Installing Malicious Software – Attackers can modify the router’s firmware and install a backdoor for persistent access.

❌ Intercepting Network Traffic & Data Theft – Sensitive data, including login credentials and banking details, can be stolen.

❌ Targeting Other Devices in the Network – Once the router is compromised, attackers can launch attacks against other connected devices.

❌ Remote Exploitation – If combined with authentication bypass vulnerabilities, this flaw could allow remote attacks over the internet.

How to Protect Your Router

🔐 1️⃣ Change the default admin password to a strong, unique one.
🔐 2️⃣ Secure your router from physical tampering.
🔐 3️⃣ Disable remote access protocols such as SSH and Telnet.
🔐 4️⃣ Regularly monitor system logs for unauthorized access attempts.
🔐 5️⃣ Stay updated with TP-Link firmware releases and install security patches when available.

📌 Check for firmware updates via the router’s management interface:
🔗 http://tplinkwifi.net

The CVE-2024-57040 vulnerability in TP-Link routers poses a severe security risk to users. Attackers can gain full control over the device and steal confidential information.

🔴 If you own a TP-Link TL-WR845N(UN) V4 router, take immediate action to secure your device!

✅ Regularly update your router’s firmware and prioritize network security!