CVE-2021-31658

Published: Jun 10, 2021Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the "device description" function only judges the length of the received data, and does not filter special characters. This vulnerability will cause the application to crash, and all device configuration information will be erased.

Affected (2)

Products: Tp Link: Tl Sg2005 Firmware, Tl Sg2008 Firmware

2 products

Tl Sg2005 Firmware

Tl Sg2008 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Tl Sg2005 Firmware	Version 1.0.0 build_20180529_rel.40524

Running on/with	Platform Versions
Tp Link Tl Sg2005	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Tl Sg2008 Firmware	Version 1.0.0 build_20180529_rel.40524

Running on/with	Platform Versions
Tp Link Tl Sg2008	All versions

Related CWEs

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (4)

http://tp-link.com

Source: cve@mitre.org

Vendor Advisory

https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31658

Source: cve@mitre.org

ExploitThird Party Advisory

http://tp-link.com

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31658

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.