What is the severity of CVE-2021-27209?

CVE-2021-27209 has a medium severity rating due to the risk of credential exposure.

What devices are affected by CVE-2021-27209?

CVE-2021-27209 specifically affects TP-Link Archer C5v devices running firmware version 1.7_181221.

How do I fix CVE-2021-27209?

To fix CVE-2021-27209, upgrade your TP-Link Archer C5v device to a firmware version that is not vulnerable.

What impact does CVE-2021-27209 have on my device?

CVE-2021-27209 allows attackers to intercept base64 encoded credentials sent over unencrypted HTTP.

Is there a workaround for CVE-2021-27209?

A temporary workaround for CVE-2021-27209 includes using HTTPS for accessing the management interface if available.

Vulnerability/
CVE-2021-27209

high

7.1

CWE

319

13/2/2021

3/8/2024

CVE-2021-27209

First published: Sat Feb 13 2021(Updated: )

In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
TP-Link Archer C5v AC1200	=1.7_181221
TP-Link Archer C5v AC1200	=1.0

Never miss a vulnerability like this again

Reference Links

https://gokay.org/tp-link-archer-c5v-base64-cookie/

Frequently Asked Questions

What is the severity of CVE-2021-27209?
CVE-2021-27209 has a medium severity rating due to the risk of credential exposure.
What devices are affected by CVE-2021-27209?
CVE-2021-27209 specifically affects TP-Link Archer C5v devices running firmware version 1.7_181221.
How do I fix CVE-2021-27209?
To fix CVE-2021-27209, upgrade your TP-Link Archer C5v device to a firmware version that is not vulnerable.
What impact does CVE-2021-27209 have on my device?
CVE-2021-27209 allows attackers to intercept base64 encoded credentials sent over unencrypted HTTP.
Is there a workaround for CVE-2021-27209?
A temporary workaround for CVE-2021-27209 includes using HTTPS for accessing the management interface if available.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/author
agent/references
agent/weakness
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/tp-link
canonical/tp-link archer c5v ac1200
version/tp-link archer c5v ac1200/1.7_181221
version/tp-link archer c5v ac1200/1.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2021-27209?
CVE-2021-27209 has a medium severity rating due to the risk of credential exposure.
What devices are affected by CVE-2021-27209?
CVE-2021-27209 specifically affects TP-Link Archer C5v devices running firmware version 1.7_181221.
How do I fix CVE-2021-27209?
To fix CVE-2021-27209, upgrade your TP-Link Archer C5v device to a firmware version that is not vulnerable.
What impact does CVE-2021-27209 have on my device?
CVE-2021-27209 allows attackers to intercept base64 encoded credentials sent over unencrypted HTTP.
Is there a workaround for CVE-2021-27209?
A temporary workaround for CVE-2021-27209 includes using HTTPS for accessing the management interface if available.