Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-31658

TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the "device description" function only judges the length of the received data, and does not filter special characters. This vulnerability will cause the application to crash, and all device configuration information will be erased.

Published

2021-06-10T15:15:09.420

Last Modified

2024-11-21T06:06:05.207

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

4.9

Weaknesses

Type: Primary
CWE-129

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	tp-link	tl-sg2005_firmware	1.0.0	Yes
Hardware	tp-link	tl-sg2005	-	No
Operating System	tp-link	tl-sg2008_firmware	1.0.0	Yes
Hardware	tp-link	tl-sg2008	-	No

References

http://tp-link.com Vendor Advisory ([email protected])
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31658 Exploit, Third Party Advisory ([email protected])
http://tp-link.com Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31658 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)