Cve: CVE-2021-27209
Model: TP-Link Archer C5v
Firmware Version: v1.7_181221
Hardware Version: Archer C5v v1 00000000
Archer C5v stores the authenticated user’s credential information within the management interface’s cookie by encoding it with base64. When the cookie is decoded, the user’s username and password can be accessed in cleartext.
Archer C5v does not use SSL by default in the management interface. Therefore, an attacker on the local network can monitor the traffic and capture the cookie, granting the attacker access to the management interface.
