TP-Link’s TL-WPA4220 V4.0 Cleartext Transmission of Sensitive Information

Yunus Şahin
Mar 15, 2021


Model: TL-WPA4220

Firmware: 4.0.2 Build 20180308 Rel.37064

Hardware Version: TL-WPA4220 v4.0

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28858

Update: https://static.tp-link.com/beta/2021/202103/20210316/wpa4220v3_eu-up-ver1-0-0-P1-20210316-rel53466-APPLC.zip

TP-Link’s TL-WPA4220 V4.0 does not use SSL by default, so its traffic is transmitted in cleartext. An attacker on the local network can monitor the traffic and capture the cookie and other sensitive information.
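To confirm whether a device on your own network has this exposure, or that an update closed it, you can audit the response head of its admin page. The following is an added example, not code from the original advisory or from TP-Link; the URL, cookie name and header values are constructed samples, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample: headers an admin page might return over plain HTTP.
# Not captured from a TL-WPA4220; the cookie name and value are made up.
SAMPLE_URL = "http://192.0.2.10/"
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: Authorization=EXAMPLE-VALUE; Path=/\r\n"
    "\r\n"
)

def parse_response_head(raw):
    """Return (status_code, [(lowercased_header_name, value), ...])."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers

def audit_cleartext_exposure(url, raw_response):
    """List findings showing sensitive data crossing the LAN without TLS."""
    status, headers = parse_response_head(raw_response)
    scheme = urlsplit(url).scheme.lower()
    findings = []
    if scheme != "https":
        # A plain-HTTP answer is acceptable only if it redirects to HTTPS.
        location = next((v for k, v in headers if k == "location"), "")
        upgraded = 300 <= status < 400 and location.lower().startswith("https://")
        if not upgraded:
            findings.append("content served over cleartext HTTP")
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].partition("=")[0]
        attrs = {p.partition("=")[0].lower() for p in parts[1:]}
        if scheme != "https":
            findings.append(f"cookie '{cookie_name}' set over cleartext HTTP")
        elif "secure" not in attrs:
            # Without Secure, the browser also sends the cookie over http://
            findings.append(f"cookie '{cookie_name}' lacks the Secure attribute")
    return findings
```

An empty list means the response neither served content nor set a cookie over cleartext HTTP; any finding means the cookie can be read by anyone able to observe LAN traffic.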
