search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

TP-Link 8840T DSL router default remote management vulnerability

Vulnerability Note VU#834723

Original Release Date: 2012-04-02 | Last Revised: 2013-04-03

Overview

The TP-Link 8840T DSL router's remote management feature is enabled by default.

Description

The TP-Link 8840T DSL router allows remote (WAN) internet users access to the administrator web interface of the device by default.

Impact

A remote unauthenticated attacker may be able to access the administrator web interface of the device.

Solution

We are currently unaware of a practical solution to this problem.

Disable the remote management feature

We recommend users disable the remote management feature inside the administrator web interface of the device.

Vendor Information

834723
 
Expand all

TP-Link Affected

Notified:  February 03, 2012 Updated: March 27, 2012

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal 6.8 E:F/RL:W/RC:C
Environmental 1.8 CDP:L/TD:L/CR:M/IR:M/AR:M

References

Acknowledgements

Thanks to Jakob Lell of TU Berlin AGRS for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs: None
Date Public: 2012-04-02
Date First Published: 2012-04-02
Date Last Updated: 2013-04-03 19:25 UTC
Document Revision: 12

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis