TP-Link WR840N v6 Authentication Bypass Vulnerability in CGI Interfaces

An authentication bypass vulnerability has been identified in the TP-Link WR840N v6 router, specifically in firmware versions through 0.9.1 4.16. This vulnerability allows unauthorized users to access certain interfaces under the CGI directory by manipulating the Referer header. When the Referer is set to 'http://tplinkwifi.net', the request is accepted as authenticated, bypassing normal access controls.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive interfaces on the router, potentially allowing for further manipulation or extraction of information.

Reproduction

To reproduce this vulnerability, send a request to the router's CGI interface without the Referer header. The response will indicate a 403 Forbidden status, showing that access is denied. Then, resend the request, this time including the Referer header set to 'http://tplinkwifi.net'. The response should change to a 200 OK status, along with the requested information that typically requires authentication.