Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2021-31658 | First vendor Publication | 2021-06-10 |
| Vendor | Cve | Last vendor Modification | 2021-06-23 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 8.1 | ||
| Base Score | 8.1 | Environmental Score | 8.1 |
| impact SubScore | 5.2 | Temporal Score | 8.1 |
| Exploitabality Sub Score | 2.8 | ||
| Attack Vector | Network | Attack Complexity | Low |
| Privileges Required | None | User Interaction | Required |
| Scope | Unchanged | Confidentiality Impact | None |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5.8 | Attack Range | Network |
| Cvss Impact Score | 4.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the "device description" function only judges the length of the received data, and does not filter special characters. This vulnerability will cause the application to crash, and all device configuration information will be erased. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31658 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-129 | Improper Validation of Array Index |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 1 | |
| Os | 1 |
Sources (Detail)
| Source | Url |
|---|---|
| MISC | http://tp-link.com https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31658 |
Alert History
| Date | Informations |
|---|---|
| 2021-06-23 21:23:16 |
|
| 2021-06-10 21:23:08 |
|
