Vulnerabilities > TP Link > TL Wpa4220 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-15 | CVE-2021-28857 | Insufficiently Protected Credentials vulnerability in Tp-Link Tl-Wpa4220 Firmware 4.0.2 TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie. | 5.0 |
| 2021-06-15 | CVE-2021-28858 | Cleartext Storage of Sensitive Information vulnerability in Tp-Link Tl-Wpa4220 Firmware 4.0.2 TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. | 2.1 |
| 2020-11-18 | CVE-2020-28005 | Classic Buffer Overflow vulnerability in Tp-Link Tl-Wpa4220 Firmware httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. | 3.5 |
| 2020-11-18 | CVE-2020-24297 | OS Command Injection vulnerability in Tp-Link Tl-Wpa4220 Firmware httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. | 9.0 |