The TPLink tl-wr802n version 4.0 is vulnerable to authentication bypass via altering the referrer attribute.
I did not realize that this vulnerability had been previously disclosed except that the model mentioned above was not included or known about in the initial report. I am linking to securelayer7’s finding first so that you can read it.
http://blog.securelayer7.net/time-to-disable-tp-link-home-wifi-router/
I really wanted to like this device but I couldn’t make myself use it in a public setting. That being said tplink was very fast in providing a beta firmware for me to try which fixed the issue with this specific model.
As this vulnerability has been covered in depth, I will just provide the request screenshots of the Authenticated, Unauthenticated, and Bypass in Burp.
Authenticated
Unauthenticated
Next all that is required is to add the Referer: http://192.168.0.1/mainFrame.htm to the request and you will be allowed access to most functions, again check securelayer7’s post about this as it has been tested in depth.
Bypass
Matt Landers 