CVE-2021-31658

Опубликовано: 10 июн. 2021

Источник: nvd

CVSS3: 8.1

CVSS2: 5.8

EPSS Низкий

Описание

TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the "device description" function only judges the length of the received data, and does not filter special characters. This vulnerability will cause the application to crash, and all device configuration information will be erased.

Ссылки

http://tp-link.com
Vendor Advisory
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31658
Exploit
Third Party Advisory
http://tp-link.com
Vendor Advisory
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31658
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tp-link:tl-sg2005_firmware:1.0.0:build_20180529_rel.40524:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-sg2005:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:tp-link:tl-sg2008_firmware:1.0.0:build_20180529_rel.40524:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-sg2008:-:*:*:*:*:*:*:*

EPSS

Процентиль: 52%

0.00291

Низкий

8.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-129

Связанные уязвимости

GHSA-w3x9-635p-2982

github

больше 3 лет назад