What is the severity of CVE-2024-57040?

CVE-2024-57040 has a high severity due to the presence of a hardcoded password for the root account.

How do I fix CVE-2024-57040?

To fix CVE-2024-57040, update your TL-WR845N router to a version that does not contain the hardcoded password.

What devices are affected by CVE-2024-57040?

CVE-2024-57040 affects the TP-Link TL-WR845N routers with firmware versions between V4_190219 and V4_200909.

Can CVE-2024-57040 be exploited easily?

Yes, CVE-2024-57040 can be exploited easily through brute force attacks to gain unauthorized access to the root account.

What are the potential risks of CVE-2024-57040?

The risks associated with CVE-2024-57040 include unauthorized access to the router’s settings, leading to network compromise.

Vulnerability/
CVE-2024-57040

critical

9.8

CWE

798

26/2/2025

7/4/2025

CVE-2024-57040

First published: Wed Feb 26 2025(Updated: )

TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discovered to contain a hardcoded password for the root account which can be obtained by analyzing downloaded firmware or via a brute force attack through physical access to the router.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
TP-Link WR845N Firmware	>=V4_190219<=V4_200909
All of
Any of
TP-Link TL-WR845N Firmware	=190219
TP-Link TL-WR845N Firmware	=200909
TP-Link TL-WR845N Firmware	=201214
TP-Link WR845N Firmware	=4.0

Never miss a vulnerability like this again

Reference Links

https://security.iiita.ac.in/iot/hashed_password.pdf

Frequently Asked Questions

What is the severity of CVE-2024-57040?
CVE-2024-57040 has a high severity due to the presence of a hardcoded password for the root account.
How do I fix CVE-2024-57040?
To fix CVE-2024-57040, update your TL-WR845N router to a version that does not contain the hardcoded password.
What devices are affected by CVE-2024-57040?
CVE-2024-57040 affects the TP-Link TL-WR845N routers with firmware versions between V4_190219 and V4_200909.
Can CVE-2024-57040 be exploited easily?
Yes, CVE-2024-57040 can be exploited easily through brute force attacks to gain unauthorized access to the root account.
What are the potential risks of CVE-2024-57040?
The risks associated with CVE-2024-57040 include unauthorized access to the router’s settings, leading to network compromise.

agent/first-publish-date
agent/type
agent/references
agent/author
agent/source
agent/severity
agent/weakness
collector/mitre-cve
source/MITRE
agent/description
agent/guess-ai
agent/software-canonical-lookup
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup-request
vendor/tp-link
canonical/tp-link wr845n firmware
canonical/tp-link tl-wr845n firmware
version/tp-link tl-wr845n firmware/190219
version/tp-link tl-wr845n firmware/200909
version/tp-link tl-wr845n firmware/201214
version/tp-link wr845n firmware/4.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.