CVE-2021-31659

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened by the switch administrator may cause the password of the switch to be modified and the configuration file to be tampered with.

TP-Link TL-SG2005, TL-SG2008, etc. versiones 1.0.0 Build 20180529 Rel.40524 es vulnerable a taques de tipo Cross Site Request Forgery (CSRF). Toda la información de configuración se coloca en la URL, sin ninguna información adicional de autenticación de token. Un enlace malicioso abierto por el administrador del switch puede causar la modificación de la contraseña del switch y la manipulación del archivo de configuración

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-04-23 CVE Reserved
2021-06-10 CVE Published
2024-02-24 EPSS Updated
2024-08-03 CVE Updated
2024-08-03 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-352: Cross-Site Request Forgery (CSRF)

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31659	2024-08-03

URL	Date	SRC

URL	Date	SRC
http://tp-link.com	2021-06-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Tp-link Search vendor "Tp-link"	Tl-sg2005 Firmware Search vendor "Tp-link" for product "Tl-sg2005 Firmware"	1.0.0 Search vendor "Tp-link" for product "Tl-sg2005 Firmware" and version "1.0.0"	build_20180529_rel.40524	Affected	in	Tp-link Search vendor "Tp-link"	Tl-sg2005 Search vendor "Tp-link" for product "Tl-sg2005"	-	-	Safe
Tp-link Search vendor "Tp-link"	Tl-sg2008 Firmware Search vendor "Tp-link" for product "Tl-sg2008 Firmware"	1.0.0 Search vendor "Tp-link" for product "Tl-sg2008 Firmware" and version "1.0.0"	build_20180529_rel.40524	Affected	in	Tp-link Search vendor "Tp-link"	Tl-sg2008 Search vendor "Tp-link" for product "Tl-sg2008"	-	-	Safe