CVE-2021-28858

EUVD-2021-15512
TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Affected Products (NVD)
VendorProductVersion
tp-linktl-wpa4220_firmware
4.0.2:build_20180308_rel.37064
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://yunus-shn.medium.com/tp-links-tl-wpa4220-v4-0-cleartext-transmission-of-sensitive-information-40357c778b84
https://yunus-shn.medium.com/tp-links-tl-wpa4220-v4-0-cleartext-transmission-of-sensitive-information-40357c778b84