8.8

CVE-2021-31659

Exploit
TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened by the switch administrator may cause the password of the switch to be modified and the configuration file to be tampered with.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tp-linkTl-sg2005 Firmware Version1.0.0 Updatebuild_20180529_rel.40524
   Tp-linkTl-sg2005 Version-
Tp-linkTl-sg2008 Firmware Version1.0.0 Updatebuild_20180529_rel.40524
   Tp-linkTl-sg2008 Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.55% 0.423
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31659
Third Party Advisory
Exploit