PT-2021-17967 · Tp Link · Tl-Wpa4220

Published

2021-06-15

Updated

2021-06-23

CVE-2021-28857

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: TL-WPA4220 version 4.0.2 Build 20180308 Rel.37064

Description: The issue concerns the transmission of sensitive information, specifically the username and password, via a cookie. This could potentially expose user credentials to unauthorized access.

Recommendations: For TL-WPA4220 version 4.0.2 Build 20180308 Rel.37064, consider restricting access to the device until a fix is available, and avoid using the device for sensitive operations. As a temporary workaround, consider disabling the use of cookies for authentication until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2021-28857

Affected Products

Tl-Wpa4220

PT-2021-17967 · Tp Link · Tl-Wpa4220

CVE-2021-28857

Weakness Enumeration

Related Identifiers

Affected Products

References · 4