search menu icon-carat-right cmu-wordmark

CERT Coordination Center

TP-Link 8840T DSL router default remote management vulnerability

Vulnerability Note VU#834723

Original Release Date: 2012-04-02 | Last Revised: 2013-04-03


The TP-Link 8840T DSL router's remote management feature is enabled by default.


The TP-Link 8840T DSL router allows remote (WAN) internet users access to the administrator web interface of the device by default.


A remote unauthenticated attacker may be able to access the administrator web interface of the device.


We are currently unaware of a practical solution to this problem.

Disable the remote management feature

We recommend users disable the remote management feature inside the administrator web interface of the device.

Vendor Information


TP-Link Affected

Notified:  February 03, 2012 Updated: March 27, 2012



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group Score Vector
Base 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal 6.8 E:F/RL:W/RC:C
Environmental 1.8 CDP:L/TD:L/CR:M/IR:M/AR:M



Thanks to Jakob Lell of TU Berlin AGRS for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs: None
Date Public: 2012-04-02
Date First Published: 2012-04-02
Date Last Updated: 2013-04-03 19:25 UTC
Document Revision: 12

Sponsored by CISA.