PT-2017-18106 · Tp Link · Tp-Link Tl-Sg108E

Published

2017-04-23

Updated

2017-04-27

CVE-2017-8078

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions TP-Link TL-SG108E version 1.0 TP-Link TL-SG108E firmware 1.1.2 Build 20141017 Rel.50749

Description The issue allows the upgrade process to be requested remotely without authentication. This is achieved through the httpupg.cgi endpoint with a parameter called cmd.

Recommendations For TP-Link TL-SG108E version 1.0, restrict access to the httpupg.cgi endpoint to prevent unauthorized upgrade requests. For TP-Link TL-SG108E firmware 1.1.2 Build 20141017 Rel.50749, avoid using the cmd parameter in the httpupg.cgi endpoint until the issue is resolved.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2017-8078

Affected Products

Tp-Link Tl-Sg108E

PT-2017-18106 · Tp Link · Tp-Link Tl-Sg108E

CVE-2017-8078

Weakness Enumeration

Related Identifiers

Affected Products

References · 4