CVE-2023-50224
MEDIUM KEVTP-Link TL-WR841N Firmware - Unauthenticated Authentication Bypass via HTTPD Service
Title source: llmExploitation Summary
CVE-2023-50224 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added September 3, 2025.
Description
TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. . Was ZDI-CAN-19899.
References (3)
Core 3
Core References
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-50224
Third Party Advisory x_research-advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-1808/
Product vendor-advisory
https://www.tp-link.com/en/support/download/tl-wr841n/v12/#Firmware
Scores
CVSS v3
6.5
EPSS
0.0146
EPSS Percentile
81.3%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
partial
Details
CISA KEV
2025-09-03
VulnCheck KEV
2025-08-29
ENISA EUVD
EUVD-2023-55046
CWE
CWE-290
Status
published
Products (1)
tp-link/tl-wr841n_firmware
3.16.9 build_200409
Published
May 03, 2024
KEV Added
Sep 03, 2025
Tracked Since
Feb 18, 2026