CVE-2021-31659

TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened by the switch administrator may cause the password of the switch to be modified and the configuration file to be tampered with.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
VendorProductVersion
tp-linktl-sg2005_firmware
1.0.0:build_20180529_rel.40524
tp-linktl-sg2008_firmware
1.0.0:build_20180529_rel.40524
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tp-link.com
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31659
http://tp-link.com
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31659