Array Index Error in TP-Link Managed Switches
CVE-2021-31658

8.1HIGH

Key Information:

Vendor: Tp-link
Status: Tl-sg2005 Firmware
Vendor: CVE Published:; 10 June 2021

Summary

An array index error in TP-Link managed switches such as the TL-SG2005 and TL-SG2008 allows for improper handling of device description data. The vulnerable interface fails to filter special characters and only checks for data length, leading to application crashes and potential loss of all device configuration. This issue highlights the importance of secure coding practices to validate user inputs and protect critical device information from being compromised.

References

http://tp-link.com

x_refsource_MISC

https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2...

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 10, 2021
Vulnerability Reserved
Apr 23, 2021