CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0730 – TP-Link TL-SG108E HTTP GET Request usr_account_set.cgi get request method with sensitive query strings
https://notcve.org/view.php?id=CVE-2025-0730
27 Jan 2025 — A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usr_account_set.cgi of the component HTTP GET Request Handler. The manipulation of the argument username/password leads to use of get request method with sensitive query strings. It is possible to launch the attack remotely. The complexity of an attack is rather high. • https://github.com/TheCyberDiver/Public-Disclosures-CVE-/blob/main/tp-link%20sensitive%20info%20in%20GET.md • CWE-598: Use of GET Request Method With Sensitive Query Strings •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0729 – TP-Link TL-SG108E clickjacking
https://notcve.org/view.php?id=CVE-2025-0729
27 Jan 2025 — A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The attack may be initiated remotely. • https://github.com/TheCyberDiver/Public-Disclosures-CVE-/blob/main/tp-link%20clickjacking.md • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 1CVE-2017-17746
https://notcve.org/view.php?id=CVE-2017-17746
20 Dec 2017 — Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authentication record is stored on the device; thus if an administrator authenticates from a NAT network, the authentication applies to the IP address of the NAT gateway, and any user behind that NAT gateway is also treated as authenticated. Métodos de control de acceso deficientes en TP-Link TL-SG108E 1.0.0 permiten que cu... • http://seclists.org/fulldisclosure/2017/Dec/67 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2017-17745 – TP-Link TL-SG108E XSS / Weak Access Control
https://notcve.org/view.php?id=CVE-2017-17745
20 Dec 2017 — Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter. Vulnerabilidad Cross-Site Scripting (XSS) en system_name_set.cgi en TP-Link TL-SG108E 1.0.0 permite que atacantes remotos envíen scripts java arbitrarios mediante el parámetro sysName. TP-Link TL-SG108E with firmware 1.0.0 Build 20160722 Rel.50167 suffers from cross site scripting and weak access control vulnerabilities. • https://packetstorm.news/files/id/145503 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 2CVE-2017-17747 – TP-Link TL-SG108E XSS / Weak Access Control
https://notcve.org/view.php?id=CVE-2017-17747
20 Dec 2017 — Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition. Controles de acceso débiles en la funcionalidad de cierre de sesión del dispositivo en TP-Link TL-SG108E v1.0.0 permiten a los atacantes remotos llamar a la funcionalidad de cierre de sesión, desencadenando una condición de denegación de servicio. TP-Link TL-SG108E with firmware 1.0.0 Build 20160722 Rel.50167 suffers from c... • https://packetstorm.news/files/id/145503 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-8074
https://notcve.org/view.php?id=CVE-2017-8074
23 Apr 2017 — On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. On TP-Link TL-SG108E 1.0, un atacante remoto podría recuperar las credenciales de las líneas de registro de "SEND data" donde las contraseñas están codificadas en hexadecimal. Esto afecta al firmware 1.1.2 Build 20141017 Rel.50749. • http://www.securityfocus.com/bid/97981 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-8075
https://notcve.org/view.php?id=CVE-2017-8075
23 Apr 2017 — On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. En el TP-Link TL-SG108E 1.0, un atacante remoto podría recuperar las credenciales de las líneas de registro de "Switch Info" donde las contraseñas están en texto sin cifrar. Esto afecta al firmware 1.1.2 Build 20141017 Rel.50749. • http://www.securityfocus.com/bid/97983 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2017-8077
https://notcve.org/view.php?id=CVE-2017-8077
23 Apr 2017 — On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware. En TP-Link TL-SG108E 1.0, hay una clave de cifrado codificada (una cadena larga que comienza con Ei2HNryt). Esto afecta al firmware 1.1.2 Build 20141017 Rel.50749 • https://chmod750.com/2017/04/23/vulnerability-disclosure-tp-link • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-8076
https://notcve.org/view.php?id=CVE-2017-8076
23 Apr 2017 — On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. En TP-Link TL-SG108E 1.0, las comunicaciones de red de administración están codificadas en RC4, aunque RC4 está obsoleto. Esto afecta al firmware 1.1.2 Build 20141017 Rel.50749. • https://chmod750.com/2017/04/23/vulnerability-disclosure-tp-link • CWE-326: Inadequate Encryption Strength •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2017-8078
https://notcve.org/view.php?id=CVE-2017-8078
23 Apr 2017 — On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware. En TP-Link TL-SG108E versión 1.0, el proceso de actualización se puede solicitar de forma remota sin autenticación (httpupg.cgi con un parámetro llamado cmd). Esto afecta al firmware 1.1.2 Build 20141017 Rel.50749. • http://www.securityfocus.com/bid/97985 • CWE-287: Improper Authentication •