CVE-2017-8078
MEDIUMTP-Link TL-SG108E Firmware 1.1.2 Build 20141017 Rel.50749 - Unauthenticated Firmware Upgrade via httpupg.cgi
Title source: llmDescription
On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
References (2)
Core 2
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://chmod750.com/2017/04/23/vulnerability-disclosure-tp-link/
Third Party Advisory, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/97985
Scores
CVSS v3
5.3
EPSS
0.0034
EPSS Percentile
57.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-287
Status
published
Products (1)
tp-link/tl-sg108e_firmware
1.1.2
Published
Apr 23, 2017
Tracked Since
Feb 18, 2026