CVE-2024-55211
Description
An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a crafted cookie.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- Think Router/Tk-Rt-Wr135G
- Range: = 3.0.2-X000
Patches
Vulnerability mechanics
Root cause
"The router fails to properly validate the LoginStatus cookie, allowing an attacker to bypass authentication."
Attack vector
An attacker can exploit this vulnerability by modifying the LoginStatus cookie in their web browser or with a cookie inspector. Changing the cookie's value from 'false' to 'true' gives the attacker authenticated access to the router's administrative interface. That access enables further attacks, including DNS hijacking, unauthorized firmware updates, and direct unauthenticated requests to the router [ref_id=1].
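The flaw class described above, shown as an added example (not the router's firmware and not a vendor fix): a check that trusts the client-set LoginStatus flag, beside one that only accepts an unguessable token the server itself issued and stored. The function names, the `session_id` cookie name and the 900-second timeout are assumptions made for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 900  # seconds; assumed idle timeout
_sessions = {}     # token -> expiry time, kept only on the server


def parse_cookies(header):
    """Parse a Cookie request header into a plain dict."""
    jar = SimpleCookie()
    jar.load(header or "")
    return {name: morsel.value for name, morsel in jar.items()}


def is_admin_vulnerable(cookie_header):
    """Flawed pattern: the client-controlled flag is the whole decision."""
    return parse_cookies(cookie_header).get("LoginStatus") == "true"


def login(password, expected_password, now=None):
    """Issue an unguessable token after a successful password check."""
    if not secrets.compare_digest(password.encode(), expected_password.encode()):
        return None
    token = secrets.token_urlsafe(32)
    _sessions[token] = (now if now is not None else time.time()) + SESSION_TTL
    return token


def is_admin_hardened(cookie_header, now=None):
    """Authenticated only if the token exists server-side and is unexpired."""
    now = now if now is not None else time.time()
    token = parse_cookies(cookie_header).get("session_id", "")
    expiry = _sessions.get(token)
    if expiry is None:
        return False
    if expiry < now:
        _sessions.pop(token, None)  # drop expired sessions
        return False
    return True


if __name__ == "__main__":
    forged = "LoginStatus=true"  # constructed request header
    print(is_admin_vulnerable(forged), is_admin_hardened(forged))
    token = login("s3cret", "s3cret")  # constructed credentials
    print(is_admin_hardened(f"session_id={token}; LoginStatus=false"))
```

In the hardened check the LoginStatus value plays no part in the decision, so editing it in the browser changes nothing.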
What the fix does
The advisory does not specify a patch or provide details on how the vulnerability is fixed. Users are advised to consult the vendor for remediation guidance. Without a patch, it is not possible to describe the specific changes that close the vulnerability.
Preconditions
- network: The attacker must have network access to the router.
- auth: The attacker does not need any prior authentication to exploit this vulnerability.
Generated on Jun 10, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.