CVE-2021-31659

Name of the Vulnerable Software and Affected Versions TP-Link TL-SG2005 version 1.0.0 Build 20180529 Rel.40524 TP-Link TL-SG2008 version 1.0.0 Build 20180529 Rel.40524

Description The issue allows for Cross Site Request Forgery (CSRF) attacks. Since all configuration information is placed in the URL without additional token authentication, a malicious link opened by the switch administrator can lead to the modification of the switch's password and tampering with the configuration file.

Recommendations For TP-Link TL-SG2005 version 1.0.0 Build 20180529 Rel.40524, avoid using links from untrusted sources to prevent potential CSRF attacks. For TP-Link TL-SG2008 version 1.0.0 Build 20180529 Rel.40524, avoid using links from untrusted sources to prevent potential CSRF attacks. As a temporary workaround, consider restricting access to the switch's configuration interface until a patch is available.