ID

VAR-202106-1459


CVE

CVE-2021-28858


TITLE

TP-Link TL-WPA4220 information disclosure vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-43410 // CNNVD: CNNVD-202106-1285

DESCRIPTION

TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. An attacker on the local network can monitor traffic and capture the cookie and other sensitive information. TP-Link TL-WPA4220 contains a vulnerability in the plaintext storage of important information. Information may be obtained. The TP-Link TL-WPA4220 is a domestic wireless WiFi bridge from China's TP-Link company that can extend a wireless signal. The device can transmit data at high speed through the line, and expand the network to areas that cannot be covered at present. No detailed vulnerability information is currently provided.

Trust: 2.16

sources: NVD: CVE-2021-28858 // JVNDB: JVNDB-2021-008412 // CNVD: CNVD-2021-43410

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-43410

AFFECTED PRODUCTS

vendor: tp link
model: tl-wpa4220
scope: eq
version: 4.0.2

Trust: 1.0

vendor: tp link
model: tl-wpa4220
scope: eq
version: -

Trust: 0.8

vendor: tp link
model: tl-wpa4220
scope: eq
version: tl-wpa4220 firmware 4.0.2 build 20180308 rel.37064

Trust: 0.8

vendor: tp link
model: tl-wpa4220
scope: -
version: -

Trust: 0.6

sources: CNVD: CNVD-2021-43410 // JVNDB: JVNDB-2021-008412 // NVD: CVE-2021-28858

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-28858
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-28858
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-43410
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-1285
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2021-28858
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-43410
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:C/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-28858
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-28858
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-43410 // JVNDB: JVNDB-2021-008412 // CNNVD: CNNVD-202106-1285 // NVD: CVE-2021-28858

PROBLEMTYPE DATA

problemtype: CWE-312

Trust: 1.0

problemtype: Plaintext storage of important information (CWE-312) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-008412 // NVD: CVE-2021-28858

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-1285

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202106-1285

PATCH

title: top page
url: https://www.tp-link.com/jp/

Trust: 0.8

sources: JVNDB: JVNDB-2021-008412

EXTERNAL IDS

db: NVD
id: CVE-2021-28858

Trust: 3.8

db: JVNDB
id: JVNDB-2021-008412

Trust: 0.8

db: CNVD
id: CNVD-2021-43410

Trust: 0.6

db: CNNVD
id: CNNVD-202106-1285

Trust: 0.6

sources: CNVD: CNVD-2021-43410 // JVNDB: JVNDB-2021-008412 // CNNVD: CNNVD-202106-1285 // NVD: CVE-2021-28858

REFERENCES

url: https://yunus-shn.medium.com/tp-links-tl-wpa4220-v4-0-cleartext-transmission-of-sensitive-information-40357c778b84

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2021-28858

Trust: 1.4

sources: CNVD: CNVD-2021-43410 // JVNDB: JVNDB-2021-008412 // CNNVD: CNNVD-202106-1285 // NVD: CVE-2021-28858

SOURCES

db: CNVD, id: CNVD-2021-43410
db: JVNDB, id: JVNDB-2021-008412
db: CNNVD, id: CNNVD-202106-1285
db: NVD, id: CVE-2021-28858

LAST UPDATE DATE

2024-08-14T15:22:13.802000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-43410, date: 2021-06-19T00:00:00
db: JVNDB, id: JVNDB-2021-008412, date: 2022-03-15T02:31:00
db: CNNVD, id: CNNVD-202106-1285, date: 2021-08-16T00:00:00
db: NVD, id: CVE-2021-28858, date: 2021-06-23T19:49:34.073

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-43410, date: 2021-06-19T00:00:00
db: JVNDB, id: JVNDB-2021-008412, date: 2022-03-15T00:00:00
db: CNNVD, id: CNNVD-202106-1285, date: 2021-06-15T00:00:00
db: NVD, id: CVE-2021-28858, date: 2021-06-15T22:15:08.790