CVE-2021-28858

low-risk
Published 2021-06-15

TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Tl-Wpa4220 Firmware

Affected Vendors

Tp-Link

References (2)

Exploit https://yunus-shn.medium.com/tp-links-tl-wpa4220-v4-0-cleartext-transmission-of-...
Exploit https://yunus-shn.medium.com/tp-links-tl-wpa4220-v4-0-cleartext-transmission-of-...
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal