PT-2017-18106 · TP-Link · TP-Link TL-SG108E

Published 2017-04-23 · Updated 2017-04-27 · CVE-2017-8078

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

TP-Link TL-SG108E version 1.0
TP-Link TL-SG108E firmware 1.1.2 Build 20141017 Rel.50749

Description

The issue allows the upgrade process to be requested remotely without authentication. The request is made through the httpupg.cgi endpoint with a parameter called cmd.

Recommendations

For TP-Link TL-SG108E version 1.0, restrict access to the httpupg.cgi endpoint to prevent unauthorized upgrade requests. For TP-Link TL-SG108E firmware 1.1.2 Build 20141017 Rel.50749, avoid using the cmd parameter in the httpupg.cgi endpoint until the issue is resolved.
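
To check that the access restriction recommended above is holding, the following added example (not part of the original advisory or any vendor tooling) triages access logs for requests to httpupg.cgi. It assumes a reverse proxy or web gateway in front of the switch that writes Common Log Format; the management network range, the sample log lines and the cmd value are constructed placeholders.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: hosts allowed to reach the switch web UI (placeholder range).
MGMT_NETS = [ipaddress.ip_network("10.0.50.0/28")]

# Common Log Format: client, timestamp, "METHOD target PROTO", status.
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def is_trusted(client):
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:          # hostname or garbage in the client field
        return False
    return any(addr in net for net in MGMT_NETS)

def classify(line):
    """Return (client, severity, reason) for a hit on httpupg.cgi, else None."""
    m = CLF.match(line)
    if not m:
        return None
    client, _ts, method, target, status = m.groups()
    url = urlsplit(target)
    # Decode percent-escapes and ignore case so /HTTPUPG%2Ecgi still matches.
    name = unquote(url.path).rsplit("/", 1)[-1].lower()
    if name != "httpupg.cgi":
        return None
    params = {k.lower() for k in parse_qs(url.query, keep_blank_values=True)}
    if is_trusted(client):
        return (client, "info", "upgrade endpoint used from management network")
    if "cmd" in params:
        return (client, "high", f"{method} with cmd from unapproved source, status {status}")
    # cmd may travel in a request body, which access logs do not record.
    return (client, "medium", f"{method} to upgrade endpoint from unapproved source, status {status}")

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines; "cmd=x" is a placeholder value.
SAMPLE = [
    '10.0.50.3 - - [23/Apr/2017:10:01:02 +0000] "GET /httpupg.cgi?cmd=x HTTP/1.1" 200 512',
    '192.168.7.44 - - [23/Apr/2017:10:05:40 +0000] "GET /httpupg.cgi?cmd=x HTTP/1.1" 200 512',
    '192.168.7.44 - - [23/Apr/2017:10:05:41 +0000] "POST /HTTPUPG%2Ecgi HTTP/1.1" 200 0',
    '192.168.7.45 - - [23/Apr/2017:10:06:00 +0000] "GET /index.htm HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for client, severity, reason in scan(SAMPLE):
        print(f"{severity:6} {client:15} {reason}")
```

Any "high" or "medium" hit with a 2xx status means the endpoint is still reachable from outside the management network and the filtering rule needs review.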

Exploit

Fix

Improper Authentication


Weakness Enumeration

Related Identifiers

CVE-2017-8078

Affected Products

TP-Link TL-SG108E