Vulnerabilities > CVE-2024-22733 - NULL Pointer Dereference vulnerability in Tp-Link Mr200 Firmware 210201

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

tp-link

CWE-476

NVD

Published: 2024-11-01

Updated: 2024-11-05

Summary

TP Link MR200 V4 Firmware version 210201 was discovered to contain a null-pointer-dereference in the web administration panel on /cgi/login via the sign, Action or LoginStatus query parameters which could lead to a denial of service by a local or remote unauthenticated attacker.

Vulnerable Configurations

Part	Description	Count
OS	Tp-Link TP Link Mr200 Firmware 210201	1
Hardware	Tp-Link TP Link Mr200 4	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://lenoctambule.dev/post/dos-on-tp-link-web-admin-panel