First published: Wed Jun 19 2019
An issue was discovered on TP-Link TL-WR1043ND V2 devices. The credentials can be easily decoded and cracked by brute-force, wordlist, or rainbow table attacks. Specifically, credentials in the "Authorization" cookie are encoded only with URL encoding and base64, so they are easy to decode. Once the URL-encoded string is base64-decoded, the username is in cleartext and the password is hashed with the MD5 algorithm.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
TP-Link TL-WR1043ND Firmware | =2.0 | |
TP-Link TL-WR1043ND | | |
The severity of CVE-2019-6972 is high with a CVSS score of 7.5.
CVE-2019-6972 allows attackers to easily decode and crack credentials on TP-Link TL-WR1043ND V2 devices.
CVE-2019-6972 allows for easy decoding of credentials in the "Authorization" cookie on TP-Link TL-WR1043ND V2 devices, making them vulnerable to brute-force, wordlist, or rainbow table attacks.
TP-Link TL-WR1043ND V2 devices with firmware version 2.0 are affected by CVE-2019-6972.
Yes, TP-Link TL-WR1043ND V2 devices are vulnerable to CVE-2019-6972.
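A defender-side check for the cookie format described above, as an added example (not code from this advisory or from TP-Link): it flags an "Authorization" cookie value that decodes to a cleartext username plus a 32-hex-digit, MD5-shaped field. The optional `Basic ` prefix and the `username:digest` layout are assumptions, the function names are hypothetical, and the sample cookie is constructed.

```python
import base64
import hashlib
import re
from urllib.parse import quote, unquote

MD5_HEX = re.compile(r"^[0-9a-fA-F]{32}$")  # shape of a raw, unsalted MD5 digest


def audit_authorization_cookie(cookie_value):
    """Return findings for one "Authorization" cookie value.

    Assumed layout (not spelled out on the page): an optional "Basic "
    scheme, then base64("username:password_field"), all URL-encoded.
    """
    decoded = unquote(cookie_value)
    if decoded.lower().startswith("basic "):
        decoded = decoded.split(" ", 1)[1]
    try:
        plain = base64.b64decode(decoded, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return []  # not recoverable by decoding alone: nothing to flag
    username, sep, secret = plain.partition(":")
    if not sep or not username:
        return []  # decodes, but not to a username/secret pair
    findings = ["reversible-encoding", "cleartext-username:" + username]
    if MD5_HEX.match(secret):
        # Fixed-length hex with no salt or iteration parameters alongside it
        findings.append("unsalted-md5-shaped-password-field")
    return findings


def build_sample_cookie(username, password):
    """Construct a sample cookie in the assumed layout, for exercising the audit."""
    digest = hashlib.md5(password.encode()).hexdigest()
    token = base64.b64encode(f"{username}:{digest}".encode()).decode()
    return quote("Basic " + token, safe="")


if __name__ == "__main__":
    sample = build_sample_cookie("admin", "constructed-sample-password")
    print(sample)
    for finding in audit_authorization_cookie(sample):
        print(" -", finding)
```

Any finding from this check on traffic to a device's management interface means the cookie protects the credential no better than sending it in the clear, so that interface should only be reachable over a trusted network segment.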