CVE-2021-31659 — HIGH (8.8)

Vulnerability Description

TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened by the switch administrator may cause the password of the switch to be modified and the configuration file to be tampered with.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Tp-Link	Tl-Sg2005 Firmware	1.0.0
Tp-Link	Tl-Sg2005	-
Tp-Link	Tl-Sg2008 Firmware	1.0.0
Tp-Link	Tl-Sg2008	-

Related Weaknesses (CWE)

CWE-352

References

http://tp-link.comVendor Advisory
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31659ExploitThird Party Advisory
http://tp-link.comVendor Advisory
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31659ExploitThird Party Advisory

FAQ

What is CVE-2021-31659?

CVE-2021-31659 is a vulnerability with a CVSS score of 8.8 (HIGH). TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token a...

How severe is CVE-2021-31659?

CVE-2021-31659 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-31659?

Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Tl-Sg2005 Firmware, Tp-Link Tl-Sg2005, Tp-Link Tl-Sg2008 Firmware, Tp-Link Tl-Sg2008.