CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 1CVE-2017-17746
https://notcve.org/view.php?id=CVE-2017-17746
20 Dec 2017 — Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authentication record is stored on the device; thus if an administrator authenticates from a NAT network, the authentication applies to the IP address of the NAT gateway, and any user behind that NAT gateway is also treated as authenticated. Métodos de control de acceso deficientes en TP-Link TL-SG108E 1.0.0 permiten que cu... • http://seclists.org/fulldisclosure/2017/Dec/67 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 2CVE-2017-17747 – TP-Link TL-SG108E XSS / Weak Access Control
https://notcve.org/view.php?id=CVE-2017-17747
20 Dec 2017 — Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition. Controles de acceso débiles en la funcionalidad de cierre de sesión del dispositivo en TP-Link TL-SG108E v1.0.0 permiten a los atacantes remotos llamar a la funcionalidad de cierre de sesión, desencadenando una condición de denegación de servicio. TP-Link TL-SG108E with firmware 1.0.0 Build 20160722 Rel.50167 suffers from c... • https://packetstorm.news/files/id/145503 • CWE-306: Missing Authentication for Critical Function •