CVE-2019-16893

HIGH

TP-Link TP-SG105E V4 1.0.0 Build 20181120 - Unauthenticated Device Reboot via reboot.cgi

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-16893. PoCs published by PCEumel.

AI-analyzed exploit summary This exploit demonstrates an unauthenticated remote reboot vulnerability in TP-Link TP-SG105E V4 1.0.0 by sending a crafted HTTP POST request to the device's internal API endpoint. The vulnerability arises from improper access restrictions, allowing an attacker to reboot the device without authentication.

Description

The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request.

Exploits (1)

exploitdb WORKING POC

by PCEumel · textwebappshardware

https://www.exploit-db.com/exploits/47958

View Code ZIP pw:eip

This exploit demonstrates an unauthenticated remote reboot vulnerability in TP-Link TP-SG105E V4 1.0.0 by sending a crafted HTTP POST request to the device's internal API endpoint. The vulnerability arises from improper access restrictions, allowing an attacker to reboot the device without authentication.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: TP-Link TP-SG105E V4 1.0.0 Build 20181120

No auth needed

Prerequisites: Network access to the target device · Knowledge of the target device's IP address

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Patch, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://exploit-db.com/exploits/47958

Scores

CVSS v3 7.5

EPSS 0.3782

EPSS Percentile 98.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-306

Status published

Products (1)

tp-link/tp-sg105e_firmware 1.0.0 build_20181120

Published Feb 03, 2020

Tracked Since Feb 18, 2026