PT-2017-14984 · Tp Link · Tp-Link Tl-Sg108E

James Mclean

Published

2017-12-20

Updated

2019-10-03

CVE-2017-17746

CVSS v2.0

7.7

High

Vector

AV:A/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions TP-Link TL-SG108E version 1.0.0

Description The issue concerns weak access control methods. Specifically, if an administrator authenticates from a NAT network, the authentication applies to the IP address of the NAT gateway. As a result, any user behind that NAT gateway is also treated as authenticated, allowing them to access the device without entering user credentials.

Recommendations For TP-Link TL-SG108E version 1.0.0, consider restricting access to the device from NAT networks or implementing additional authentication measures to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2017-17746

Affected Products

Tp-Link Tl-Sg108E

PT-2017-14984 · Tp Link · Tp-Link Tl-Sg108E

CVE-2017-17746

Weakness Enumeration

Related Identifiers

Affected Products

References · 3