CVE-2024-55211

HIGH

Think Router Tk-Rt-Wr135G V3.0.2-X000 - Auth Bypass

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-55211. PoCs published by micaelmaciel.

AI-analyzed exploit summary: The repository describes an authentication bypass vulnerability in Think Technology's Tk-Rt-Wr135G router (Firmware V3.0.2-X000) where modifying the 'LoginStatus' cookie from 'false' to 'true' grants unauthorized access. The PoC is conceptual, detailing attack vectors like DNS hijacking and firmware manipulation.

Description

An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a crafted cookie.

Exploits (1)

nomisec WRITEUP 2 stars
by micaelmaciel · poc
https://github.com/micaelmaciel/CVE-2024-55211

Classification
Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Think Technology Wireless Router Ac 1199Mbps Tk-Rt-Wr135G (Firmware V3.0.2-X000)
No auth needed
Prerequisites: Access to the router's web interface · Ability to modify browser cookies
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory
https://github.com/micaelmaciel/CVE-2024-55211

Scores

CVSS v3 8.4
EPSS 0.0024
EPSS Percentile 15.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-565
Status published
Products (1)
think/tk-rt-wr135g_firmware 3.0.2-x000
Published Apr 17, 2025
Tracked Since Feb 18, 2026