CVE-2021-27209

7.1HIGH

Key Information:

Vendor
Tp-link
Status
Archer C5v Firmware
Vendor
CVE Published:
13 February 2021

Summary

In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP.

References

https://gokay.org/tp-link-archer-c5v-base64-cookie/
x_refsource_MISC

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.