TL-WPA4220
by TP-Link
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-28857 | 0.00 | — | 0.01 | Jun 15, 2021 | TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie. | |||
| CVE-2021-28858 | 0.00 | — | 0.00 | Jun 15, 2021 | TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information. | |||
| CVE-2020-24297 | 0.00 | — | 0.04 | Nov 18, 2020 | httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Fixed version: TL-WPA4220(EU)_V4_201023 | |||
| CVE-2020-28005 | 0.00 | — | 0.02 | Nov 18, 2020 | httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023 |
- CVE-2021-28857Jun 15, 2021risk 0.00cvss —epss 0.01
TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie.
- CVE-2021-28858Jun 15, 2021risk 0.00cvss —epss 0.00
TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information.
- CVE-2020-24297Nov 18, 2020risk 0.00cvss —epss 0.04
httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Fixed version: TL-WPA4220(EU)_V4_201023
- CVE-2020-28005Nov 18, 2020risk 0.00cvss —epss 0.02
httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023