CVE-2021-31658

8.1HIGH

Key Information:

Vendor: Tp-link
Status: Tl-sg2005 Firmware
Vendor: CVE Published:; 10 June 2021

Summary

TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the "device description" function only judges the length of the received data, and does not filter special characters. This vulnerability will cause the application to crash, and all device configuration information will be erased.

References

http://tp-link.com

x_refsource_MISC

https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2...

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 10, 2021
Vulnerability Reserved
Apr 23, 2021