Home
HIGH: 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:N/SA:NDefault status
unaffected
Any version before 3.14.111
affected
Default status
unaffected
Any version before 3.4.350
affected
Default status
unaffected
Any version before 4.25.25
affected
Default status
unaffected
Any version before 1.1.28
affected
Default status
unaffected
Any version before 4.12.27
affected
Default status
unaffected
Any version before 3.9.163
affected
Default status
unaffected
Any version before 2.13.6
affected
Default status
unaffected
Any version before 3.2.17
affected
Default status
unaffected
Any version before 1.4.28
affected
Default status
unaffected
Any version before 1.7.1
affected
Default status
unaffected
Any version before 1.5.5
affected
Default status
unaffected
Any version before 1.1.21
affected
Default status
unaffected
Any version before 2.0.1
affected
Default status
unaffected
Any version before 2.7.70
affected
Description
A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data.
Problem types
CWE-295 Improper Certificate Validation
Product status
Any version before 3.14.111
Any version before 3.4.350
Any version before 4.25.25
Any version before 1.1.28
Any version before 4.12.27
Any version before 3.9.163
Any version before 2.13.6
Any version before 3.2.17
Any version before 1.4.28
Any version before 1.7.1
Any version before 1.5.5
Any version before 1.1.21
Any version before 2.0.1
Any version before 2.7.70
Credits
Francesco La Spina, Stanislav Dashevskyi from Forescout Technologies
References
www.tp-link.com/us/support/faq/4969/