CVE-2021-27210

TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
VendorProductVersion
tp-linkarcher_c5v_firmware
1.7_181221:_181221
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gokay.org/tp-links-archer-c5v-improper-authorization/
https://gokay.org/tp-links-archer-c5v-improper-authorization/