Sign-up

ID

VAR-202206-2410


TITLE

Multiple TP-Link Wireless Extenders Unauthorized Configuration File Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-48386

DESCRIPTION

TP-Link WA850RE, etc. are all wireless extenders under TP-Link. Several wireless extenders have unauthorized configuration file disclosure vulnerabilities. Remote attackers can use the vulnerability to access specific routes to unauthorizedly download the configuration file of the target device. The configuration file is encrypted with a hard-coded KEY and decrypted to obtain Wi-Fi Sensitive information such as password (plain text) and Web management system password (MD5).

Trust: 0.6

sources: CNVD: CNVD-2022-48386

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-48386

AFFECTED PRODUCTS

vendor:tp linkmodel:tl-wa850rescope:eqversion:v5.0

Trust: 0.6

vendor:tp linkmodel:tl-wa850rescope:eqversion:v4.0

Trust: 0.6

vendor:tp linkmodel:tl-wa850rescope:eqversion:v3.0

Trust: 0.6

vendor:tp linkmodel:re450scope:eqversion:v2.0

Trust: 0.6

vendor:tp linkmodel:re305scope:eqversion:v1.0

Trust: 0.6

vendor:tp linkmodel:re650scope:eqversion:v1.0

Trust: 0.6

sources: CNVD: CNVD-2022-48386

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2022-48386
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2022-48386
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2022-48386

PATCH

title:Patch for Multiple TP-Link Wireless Extenders Unauthorized Configuration File Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/337891

Trust: 0.6

sources: CNVD: CNVD-2022-48386

EXTERNAL IDS

db:CNVDid:CNVD-2022-48386

Trust: 0.6

sources: CNVD: CNVD-2022-48386

SOURCES

db:CNVDid:CNVD-2022-48386

LAST UPDATE DATE

2023-09-28T22:58:03.094000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-48386date:2022-06-30T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-48386date:2022-06-30T00:00:00