Tp Link · Tp-Link Archer C5 · CVE-2021-27210
Name of the Vulnerable Software and Affected Versions:
TP-Link Archer C5v version 1.7 181221
Description:
The issue allows remote attackers to retrieve cleartext credentials via `USER CFG#0,0,0,0,0,0#0,0,0,0,0,0` to the "/cgi?1&5" URI.
Recommendations:
For TP-Link Archer C5v version 1.7 181221, as a temporary workaround, consider restricting access to the "/cgi?1&5" URI until a patch is available. Avoid using the `USER CFG` variable in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.