CVE-2021-31658
HIGHTP-Link TL-SG2005/TL-SG2008 Firmware 1.0.0 DoS via Device Description
Title source: llmDescription
TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the "device description" function only judges the length of the received data, and does not filter special characters. This vulnerability will cause the application to crash, and all device configuration information will be erased.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
http://tp-link.com
Exploit, Third Party Advisory x_refsource_misc
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31658
Scores
CVSS v3
8.1
EPSS
0.0029
EPSS Percentile
52.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Details
CWE
CWE-129
Status
published
Products (2)
tp-link/tl-sg2005_firmware
1.0.0 build_20180529_rel.40524
tp-link/tl-sg2008_firmware
1.0.0 build_20180529_rel.40524
Published
Jun 10, 2021
Tracked Since
Feb 18, 2026