PT-2021-19464 · Tp Link · Tp-Link Tl-Sg2005+1
Liyansong2018
·
Published
2021-06-10
·
Updated
2021-06-23
·
CVE-2021-31658
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
TP-Link TL-SG2005 version 1.0.0 Build 20180529 Rel.40524
TP-Link TL-SG2008 version 1.0.0 Build 20180529 Rel.40524
Description
The issue is caused by an Array index error in the interface that provides the device description function. This function only checks the length of the received data and does not filter special characters, leading to a crash of the application and erasure of all device configuration information.
Recommendations
For TP-Link TL-SG2005 version 1.0.0 Build 20180529 Rel.40524, consider disabling the device description function until a patch is available to prevent potential crashes and data loss.
For TP-Link TL-SG2008 version 1.0.0 Build 20180529 Rel.40524, consider disabling the device description function until a patch is available to prevent potential crashes and data loss.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Validation of Array Index
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tp-Link Tl-Sg2005
Tp-Link Tl-Sg2008