CVE-2017-9466
First published: Mon Jun 26 2017(Updated: )
The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which allowed attackers to gain read-write access to system settings through the protected router configuration service tddp via the LAN and Ath0 (Wi-Fi) interfaces.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TP-Link TL-WR841N V8 Firmware | <=tl-wr841n_v8_140724 | |
| TP-Link TL-WR841N |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-9466?
CVE-2017-9466 has a medium severity level due to the potential for unauthorized access to sensitive system settings.
How do I fix CVE-2017-9466?
To fix CVE-2017-9466, update the firmware of the TP-Link WR841N V8 router to a version released after TL-WR841N(UN)_V8_170210.
What are the consequences of CVE-2017-9466?
The consequences of CVE-2017-9466 include unauthorized read-write access to critical system configurations, potentially allowing an attacker to compromise the router.
Who is affected by CVE-2017-9466?
Users with the TP-Link WR841N V8 router running firmware version TL-WR841N V8_140724 or lower are affected by CVE-2017-9466.
What type of vulnerability is CVE-2017-9466?
CVE-2017-9466 is a design flaw related to the improper use of DES for block encryption, leading to access control issues.
- agent/severity
- agent/references
- agent/author
- agent/event
- agent/weakness
- agent/description
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/tp-link
- canonical/tp-link tl-wr841n v8 firmware
- version/tp-link tl-wr841n v8 firmware/tl-wr841n_v8_140724
- canonical/tp-link tl-wr841n