VYPR

TL-WPA4220

by TP-Link

CVEs (4)

  • CVE-2021-28857Jun 15, 2021
    risk 0.00cvss epss 0.01

    TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie.

  • CVE-2021-28858Jun 15, 2021
    risk 0.00cvss epss 0.00

    TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information.

  • CVE-2020-24297Nov 18, 2020
    risk 0.00cvss epss 0.04

    httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Fixed version: TL-WPA4220(EU)_V4_201023

  • CVE-2020-28005Nov 18, 2020
    risk 0.00cvss epss 0.02

    httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023