diff --git a/README.md b/README.md
new file mode 100644
index 0000000..28e4635
--- /dev/null
+++ b/README.md
@@ -0,0 +1,15 @@
+TP-Link exploit gets conf.bin without authentication.
+
+If any attacker sends Referer Header with its request and sets Referer:
+http://192.168.0.1/mainFrame.htm  its no authentication required and an
+attacker can do router's action without authentication.
+below are some of few examples you can see. But the attacker can do mostly
+all of the action on a router without Authentication.
+
+Vulnerable devices: 
+
+*TL-WR840N
+
+*TL-WR841N
+
+*WL-WA850RE