Exploit for Classic Buffer Overflow in Tp-Link Tl-Wr940N_Firmware CVE-2024-54887

Name: Exploit for Classic Buffer Overflow in Tp-Link Tl-Wr940N_Firmware CVE-2024-54887
Rating: 5 (13 reviews)

2026-06-06 | CVSS 8.0

## https://sploitus.com/exploit?id=9F11057B-1156-5DBF-BADF-1F4374B44051
# CVE-2024-54887 TypeScript PoC

This repository contains a TypeScript (`ts-node`) rewrite of the public Python PoC for **CVE-2024-54887** (TP-Link TL-WR940N v3/v4 authenticated RCE).

## Prerequisites

- Node.js 20+

## Install

```sh
npm install
```

## Usage

```sh
npx ts-node .\cve-2024-54887.ts --ip 
```

Optional credentials:

```sh
npx ts-node .\cve-2024-54887.ts --ip  --username  --password 
```

Short flags are also available:

```sh
npx ts-node .\cve-2024-54887.ts -i  -u  -p 
```

Show help:

```sh
npx ts-node .\cve-2024-54887.ts --help
```

## What the script does

1. Logs in to the target router with MD5-hashed password auth.
2. Extracts the authenticated session path from the login response.
3. Builds and sends the crafted `Wan6to4TunnelCfgRpm.htm` payload.
4. Waits briefly, then indicates where to check for the bind shell (`port 4444`).