Tp-Link: >> Tl-Wpa4220 Firmware >> 4.0.2 Security Vulnerabilities
TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-06-15
TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-06-15
httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Fixed version: TL-WPA4220(EU)_V4_201023
CVSS Score
8.8
EPSS Score
0.018
Published
2020-11-18
httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023
CVSS Score
6.5
EPSS Score
0.009
Published
2020-11-18