CVE-2025-0730

Name of the Vulnerable Software and Affected Versions TP-Link TL-SG108E versions 1.0.0 Build 20201208 Rel. 40304

Description A problematic vulnerability exists in the TP-Link TL-SG108E, affecting an unknown function within the /usr account set.cgi file of the HTTP GET Request Handler component. Manipulation of the username/password arguments in a GET request with sensitive query strings can lead to information disclosure. The attack is possible remotely, though considered complex and difficult to exploit. The exploit has been publicly disclosed.

Recommendations TP-Link TL-SG108E versions prior to 1.0.0 Build 20250124 Rel. 54920 (Beta) should be upgraded to version 1.0.0 Build 20250124 Rel. 54920 (Beta) to address this issue.