Cross Site Request Forgery Vulnerability in TP-Link Switches
CVE-2021-31659

8.8 HIGH

Key Information:

Vendor: TP-Link
CVE Published: 10 June 2021

Summary

TP-Link's TL-SG2005 and TL-SG2008 switches are susceptible to a Cross Site Request Forgery vulnerability. This issue arises from the handling of configuration information within URLs, without implementing any form of token-based authentication. An attacker could exploit this vulnerability by tricking an authorized switch administrator into clicking a malicious link. This action may lead to unauthorized modification of the switch's password and tampering with configuration files, potentially compromising the integrity and security of network operations.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
