Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Tl\-Wpa4220_firmware
(Tp\-Link)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 4 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-11-18 | CVE-2020-28005 | httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023 | Tl\-Wpa4220_firmware | 6.5 | ||
| 2020-11-18 | CVE-2020-24297 | httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Fixed version: TL-WPA4220(EU)_V4_201023 | Tl\-Wpa4220_firmware | 8.8 | ||
| 2021-06-15 | CVE-2021-28857 | TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie. | Tl\-Wpa4220_firmware | 7.5 | ||
| 2021-06-15 | CVE-2021-28858 | TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information. | Tl\-Wpa4220_firmware | 5.5 |