Vulnerabilities for Tl-sg108e firmware (...) - CXSECURITY.COM

Vulnerabilities for 'Tl-sg108e firmware'

2017-12-20

CVE-2017-17747

CWE-306

Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition.

CVE-2017-17746

CWE-306

Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authentication record is stored on the device; thus if an administrator authenticates from a NAT network, the authentication applies to the IP address of the NAT gateway, and any user behind that NAT gateway is also treated as authenticated.

CVE-2017-17745

CWE-79

Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter.

2017-04-23

CVE-2017-8078

On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

CVE-2017-8077

CWE-798

On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

CVE-2017-8076

On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

CVE-2017-8075

On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

CVE-2017-8074

On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

>>> Vendor: Tp-link 180 Products

Tl-wr841n firmware

Tl-wdr4300 firmware

Tl-wr740n firmware

Tl-wr840n firmware

Tl-wrd741nd (5.0)

Archer c5 (1.2) firmware

Archer c7 (2.0) firmware

Archer c8 (1.0) firmware

Archer c9 (1.0) firmware

Tl-wdr3500 (1.0) firmware

Tl-wdr3600 (1.0) firmware

Tl-wdr4300 (1.0) firmware

Tl-wrd740n (5.0) firmware

Tl-wrd741nd (5.0) firmware

Tl-wrd841n (10.0) firmware

Tl-wrd841n (9.0) firmware

Tl-wrd841nd (10.0) firmware

Tl-wrd841nd (9.0) firmware

Tl-wr741nd (5.0)

Tl-wr740n (5.0) firmware

Tl-wr741nd (5.0) firmware

Tl-wr841n (10.0) firmware

Tl-wr841n (9.0) firmware

Tl-wr841nd (10.0) firmware

Tl-wr841nd (9.0) firmware

Tl-sg108e firmware

Wr841n v8 firmware

Nc250 v1 firmware

Archer c9 (2.0) firmware

Tl-mr3220 firmware

Wr940n firmware

Tl-wr741n firmware

Tl-wr741nd firmware

Tl-er3210g firmware

Tl-er3220g firmware

Tl-er5110g firmware

Tl-er5120g firmware

Tl-er6110g firmware

Tl-er6220g firmware

Tl-er6510g firmware

Tl-er7520g firmware

Tl-r4149g firmware

Tl-r473g firmware

Tl-r473gp-ac firmware

Tl-r473p-ac firmware

Tl-r478g firmware

Tl-r479gp-ac firmware

Tl-r479gpe-ac firmware

Tl-r479p-ac firmware

Tl-war1200l firmware

Tl-war1300l firmware

Tl-war1750l firmware

Tl-war2600l firmware

Tl-war302 firmware

Tl-war450 firmware

Tl-war450l firmware

Tl-war458 firmware

Tl-war458l firmware

Tl-war900l firmware

Tl-wvr1200l firmware

Tl-wvr1300g firmware

Tl-wvr1300l firmware

Tl-wvr1750l firmware

Tl-wvr2600l firmware

Tl-wvr4300l firmware

Tl-wvr450 firmware

Tl-wvr450l firmware

Tl-wvr458 firmware

Tl-wvr458l firmware

Tl-wvr458p firmware

See all Products for Vendor Tp-link

Copyright 2024, cxsecurity.com