Vulnerability Details CVE-2021-31659
TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened by the switch administrator may cause the password of the switch to be modified and the configuration file to be tampered with.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
Products affected by CVE-2021-31659
-
cpe:2.3:h:tp-link:tl-sg2005:-
-
cpe:2.3:h:tp-link:tl-sg2008:-
-
cpe:2.3:o:tp-link:tl-sg2005_firmware:1.0.0
-
cpe:2.3:o:tp-link:tl-sg2008_firmware:1.0.0