Model: S9922L

Firmware: 16.10.3(3794)

Hardware: Version: 1.0

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36165

RICON Industrial Cellular Router sends username and password as base64.


Model: TL-WPA4220

Firmware: 4.0.2 Build 20180308 Rel.37064

Hardware: Version: TL-WPA4220 v4.0

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28858

Update: https://static.tp-link.com/beta/2021/202103/20210316/wpa4220v3_eu-up-ver1-0-0-P1-20210316-rel53466-APPLC.zip

TP-Link’s TL-WPA4220 V4.0 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information.


Model: TL-WPA4220

Firmware: 4.0.2 Build 20180308 Rel.37064

Hardware: Version: TL-WPA4220 v4.0

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28857

Update: https://static.tp-link.com/beta/2021/202103/20210316/wpa4220v3_eu-up-ver1-0-0-P1-20210316-rel53466-APPLC.zip

TP-Link’s TL-WPA4220 V4.0 username and password are sent via the cookie.

Yunus Şahin

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store