CVE-2021-31659
HIGHTP-Link TL-SG2005 and TL-SG2008 Firmware 1.0.0 Build 20180529 Rel.40524 - Cross-Site Request Forgery
Title source: llmDescription
TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened by the switch administrator may cause the password of the switch to be modified and the configuration file to be tampered with.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
http://tp-link.com
Exploit, Third Party Advisory x_refsource_misc
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31659
Scores
CVSS v3
8.8
EPSS
0.0010
EPSS Percentile
28.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (2)
tp-link/tl-sg2005_firmware
1.0.0 build_20180529_rel.40524
tp-link/tl-sg2008_firmware
1.0.0 build_20180529_rel.40524
Published
Jun 10, 2021
Tracked Since
Feb 18, 2026