Cleartext Transmission Vulnerability in TP-Link TL-WPA4220
CVE-2021-28858

5.5MEDIUM

Key Information:

Vendor: Tp-link
Status: Tl-WPa4220 Firmware
Vendor: CVE Published:; 15 June 2021

Summary

The TP-Link TL-WPA4220 device, specifically version 4.0.2 Build 20180308 Rel.37064, is susceptible to a vulnerability due to its failure to implement SSL encryption by default. This weakness allows an attacker on the same local network to intercept and monitor unencrypted traffic, potentially gaining access to cookies and other sensitive user data. As a result, the integrity and confidentiality of communications are compromised, posing significant security risks for users.

References

https://yunus-shn.medium.com/tp-links-tl-wpa4220-v4-0-cle...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 15, 2021
Vulnerability Reserved
Mar 19, 2021