Cleartext Credential Transmission in TP-Link's TL-WPA4220
CVE-2021-28857

7.5HIGH

Key Information:

Vendor: Tp-link
Status: Tl-WPa4220 Firmware
Vendor: CVE Published:; 15 June 2021

Summary

The TP-Link TL-WPA4220 device has a significant security flaw where sensitive login information, including usernames and passwords, are transmitted in cleartext within HTTP cookies. This vulnerability exposes users to potential unauthorized access and attacks, as attackers could easily intercept the cookies to obtain credentials without any encryption or security measures in place.

References

https://yunus-shn.medium.com/tp-links-tl-wpa4220-v4-0-cle...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 15, 2021
Vulnerability Reserved
Mar 19, 2021