LiveActive security incident?Get immediate response
CVE Record

CVE-2021-31658: TP-Link TL-SG2005, TL-SG2008, etc.

TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the "device description" function only judges the length of the received data, and does not filter special characters. This vulnerability will cause the application to crash, and all device configuration information will be erased.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2021-31658 can crash certain TP-Link small business switches and erase all device configuration information when malformed input reaches the device description function. The public record names TL-SG2005 and TL-SG2008, with “etc.”, on build 1.0.0 Build 20180529 Rel.40524. Public sources do not confirm active exploitation or a vendor fix.

Executive priority

Treat as a targeted resilience issue for affected TP-Link switches. It is not confirmed as actively exploited, but a crash plus configuration wipe can cause network outage and recovery delays. Prioritize inventory, management-plane restriction, backups, and vendor firmware checks.

Technical view

The CVE describes an array index error in the interface providing the “device description” function. It validates input length but does not filter special characters, leading to application crash and configuration erasure. Affected scope is imprecise: TP-Link TL-SG2005, TL-SG2008, etc., version 1.0.0 Build 20180529 Rel.40524.

Likely exposure

Exposure is most likely where affected TP-Link switch management interfaces are reachable by administrators, internal users, or broader networks. Internet exposure would increase risk, but the sources do not state whether authentication is required or whether remote unauthenticated access is possible.

Exploitation context

No CISA KEV listing is present, and the provided sources do not state active exploitation. A public GitHub reference exists for the CVE, but this assessment does not rely on or reproduce exploit details. Business impact is service disruption and loss of switch configuration.

Researcher notes

Public evidence is sparse. The CVE lacks CVSS, CWE, authentication requirements, and precise affected product list beyond named models and “etc.” Avoid expanding scope without vendor confirmation. Validate only in authorized lab conditions because the reported failure mode erases configuration.

Mitigation direction

  • Identify TP-Link TL-SG2005, TL-SG2008, and related models running the cited build.
  • Check TP-Link support channels for firmware updates or advisories before making changes.
  • Restrict switch management access to trusted administration networks only.
  • Ensure current offline backups of switch configurations exist.
  • Prioritize exposed or business-critical switches for review first.

Validation and detection

  • Inventory switch model names and firmware build strings.
  • Confirm whether any devices run 1.0.0 Build 20180529 Rel.40524.
  • Review network paths to each device management interface.
  • Verify configuration backups can be restored successfully.
  • Document vendor guidance or firmware status for each affected device.
Prepared
Confidence
medium
Sources
3

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2021-31658 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
1ADP providers
2Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.