CVE-2017-8078

MEDIUM

Tp-link Tl-sg108e Firmware - Authentication Bypass

Title source: rule

Description

On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

References (2)

[Third Party Advisory, Vendor Advisory] http://www.securityfocus.com/bid/97985

[Exploit, Technical Description, Third Party Advisory] https://chmod750.com/2017/04/23/vulnerability-disclosure-tp-link/

Scores

CVSS v3 5.3

EPSS 0.0034

EPSS Percentile 56.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

CWE

CWE-287

Status draft

Affected Products (1)

tp-link/tl-sg108e_firmware

Timeline

Published Apr 23, 2017

Tracked Since Feb 18, 2026