CVE-2021-31658 - OpenCVE

TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the "device description" function only judges the length of the received data, and does not filter special characters. This vulnerability will cause the application to crash, and all device configuration information will be erased.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Tp-link	Tl-sg2005 Firmware Tl-sg2008 Firmware Tl-sg2005 Tl-sg2008

Configuration 1 [-]

AND

cpe:2.3:o:tp-link:tl-sg2005_firmware:1.0.0:build_20180529_rel.40524:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-sg2005:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:tp-link:tl-sg2008_firmware:1.0.0:build_20180529_rel.40524:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-sg2008:-:*:*:*:*:*:*:*

References

Link	Resource
http://tp-link.com	Vendor Advisory
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31658	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-06-10T14:24:19

Updated: 2021-06-10T14:24:19

Reserved: 2021-04-23T00:00:00

Link: CVE-2021-31658

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-06-10T15:15:09.420

Modified: 2021-06-23T14:54:45.013

Link: CVE-2021-31658

JSON object: View

Redhat Information

No data.

CWE

CWE-129

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the \"device description\" function only judges the length of the received data, and does not filter special characters. This vulnerability will cause the application to crash, and all device configuration information will be erased."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-10T14:24:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://tp-link.com"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31658"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31658", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the \"device description\" function only judges the length of the received data, and does not filter special characters. This vulnerability will cause the application to crash, and all device configuration information will be erased."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://tp-link.com", "refsource": "MISC", "url": "http://tp-link.com"}, {"name": "https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31658", "refsource": "MISC", "url": "https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31658"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31658", "datePublished": "2021-06-10T14:24:19", "dateReserved": "2021-04-23T00:00:00", "dateUpdated": "2021-06-10T14:24:19", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:tl-sg2005_firmware:1.0.0:build_20180529_rel.40524:*:*:*:*:*:*", "matchCriteriaId": "E8150744-4213-428D-8411-F3A506FBE20D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:tl-sg2005:-:*:*:*:*:*:*:*", "matchCriteriaId": "73489BCA-57B8-4418-A61A-BF4599F575D8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:tl-sg2008_firmware:1.0.0:build_20180529_rel.40524:*:*:*:*:*:*", "matchCriteriaId": "77DD8C98-211B-4E6B-AFAE-1D49D7EA8574", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:tl-sg2008:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B0AC813-1BE8-48D0-AD7C-AA443FB307E6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the \"device description\" function only judges the length of the received data, and does not filter special characters. This vulnerability will cause the application to crash, and all device configuration information will be erased."}, {"lang": "es", "value": "TP-Link TL-SG2005, TL-SG2008, etc. versiones 1.0.0 Build 20180529 Rel.40524 est\u00e1 afectado por un error de \u00edndice de matriz. La interfaz que proporciona la funci\u00f3n \"device description\" s\u00f3lo juzga la longitud de los datos recibidos, y no filtra los caracteres especiales. Esta vulnerabilidad causar\u00e1 que la aplicaci\u00f3n se bloquee y toda la informaci\u00f3n de configuraci\u00f3n del dispositivo ser\u00e1 borrada"}], "id": "CVE-2021-31658", "lastModified": "2021-06-23T14:54:45.013", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-10T15:15:09.420", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://tp-link.com"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-31658"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-129"}], "source": "nvd@nist.gov", "type": "Primary"}]}