Vulnerability CVE-2017-17746


Published: 2017-12-20

Description:
Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authentication record is stored on the device; thus if an administrator authenticates from a NAT network, the authentication applies to the IP address of the NAT gateway, and any user behind that NAT gateway is also treated as authenticated.
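The flaw described above, modelled as an added example (this is not code from the TL-SG108E firmware or from the advisory): an authentication record keyed only on source IP next to a per-client session token. The class names, the gateway address and the password are constructed for illustration.

```python
import hmac
import secrets


class IpKeyedAuth:
    """Flawed design from the description: the auth record is the source IP."""

    def __init__(self, password):
        self._password = password
        self._authed_ips = set()

    def login(self, src_ip, password):
        if hmac.compare_digest(password, self._password):
            self._authed_ips.add(src_ip)  # everyone behind this IP is now "in"
            return True
        return False

    def is_authenticated(self, src_ip, token=None):
        return src_ip in self._authed_ips


class TokenAuth:
    """Hardened design: login returns a random token the client must present."""

    def __init__(self, password):
        self._password = password
        self._sessions = {}  # token -> source IP seen at login

    def login(self, src_ip, password):
        if not hmac.compare_digest(password, self._password):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = src_ip
        return token

    def is_authenticated(self, src_ip, token=None):
        return token is not None and self._sessions.get(token) == src_ip


def nat_scenario():
    """Admin and a second host share one NAT gateway address (constructed)."""
    gateway_ip = "192.0.2.1"
    flawed = IpKeyedAuth("constructed-password")
    flawed.login(gateway_ip, "constructed-password")
    fixed = TokenAuth("constructed-password")
    admin_token = fixed.login(gateway_ip, "constructed-password")
    return {
        "flawed_other_host": flawed.is_authenticated(gateway_ip),
        "fixed_other_host": fixed.is_authenticated(gateway_ip),
        "fixed_admin": fixed.is_authenticated(gateway_ip, admin_token),
    }
```
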

See advisories in our WLB2 database:
Topic: TP-Link TL-SG108E XSS / Weak Access Control (Med.)
Author: James McLean
Date: 20.12.2017

Type: CWE-306 (Missing Authentication for Critical Function)

CVSS2 => (AV:A/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score: 7.7/10
Impact Subscore: 10/10
Exploitability Subscore: 5.1/10
Exploit range: Adjacent network
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
Tp-link -> Tl-sg108e firmware

 References:
http://seclists.org/fulldisclosure/2017/Dec/67

Copyright 2024, cxsecurity.com

 
