cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-0730,https://securityvulnerability.io/vulnerability/CVE-2025-0730,Vulnerability in HTTP GET Request Handler of TP-Link TL-SG108E Switch,"A vulnerability has been discovered in the TP-Link TL-SG108E affecting its HTTP GET Request Handler. An unspecified function within /usr_account_set.cgi allows an attacker to exploit the username and password parameters, leading to the exposure of sensitive query strings through the GET request method. This vulnerability can be exploited remotely, making it a significant security concern. While the complexity of this attack is relatively high, the potential for misuse exists as the exploit details have been publicly disclosed. Users are advised to upgrade to the newer version 1.0.0 Build 20250124 Rel. 54920(Beta) to mitigate the risks associated with this vulnerability.",Tp-link,Tl-sg108e,6.3,MEDIUM,0.0005799999926239252,false,,false,false,true,2025-01-27T17:00:13.000Z,true,false,false,,2025-01-27T17:00:13.810Z,0
CVE-2025-0729,https://securityvulnerability.io/vulnerability/CVE-2025-0729,Clickjacking Vulnerability in TP-Link TL-SG108E Network Switch,"A vulnerability exists in the TP-Link TL-SG108E switch that allows attackers to exploit clickjacking techniques. This remote attack can manipulate users into unknowingly interacting with elements of the web interface. Users are strongly advised to upgrade to version 1.0.0 Build 20250124 Rel. 54920(Beta) to mitigate this issue, as the vendor has proactively provided a pre-fix for affected customers.",Tp-link,Tl-sg108e,6.9,MEDIUM,0.0006000000284984708,false,,false,false,false,,false,false,false,,2025-01-27T17:00:11.408Z,0
CVE-2017-8077,https://securityvulnerability.io/vulnerability/CVE-2017-8077,Hard-Coded Ciphering Key in TP-Link Ethernet Switch,"The TP-Link TL-SG108E 1.0 contains a hard-coded ciphering key that can compromise the security of the device, allowing potential attackers to exploit this flaw. This vulnerability impacts devices running firmware version 1.1.2 Build 20141017 Rel.50749, making it essential for users to review their device configurations and apply any necessary updates to enhance their network security.",Tp-link,Tl-sg108e Firmware,7.5,HIGH,0.003659999929368496,false,,false,false,false,,,false,false,,2022-10-03T16:23:05.000Z,0
CVE-2017-17747,https://securityvulnerability.io/vulnerability/CVE-2017-17747,,"Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition.",Tp-link,Tl-sg108e Firmware,6.5,MEDIUM,0.0022700000554323196,false,,false,false,false,,,false,false,,2017-12-20T20:00:00.000Z,0
CVE-2017-17746,https://securityvulnerability.io/vulnerability/CVE-2017-17746,,"Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authentication record is stored on the device; thus if an administrator authenticates from a NAT network, the authentication applies to the IP address of the NAT gateway, and any user behind that NAT gateway is also treated as authenticated.",Tp-link,Tl-sg108e Firmware,6.8,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2017-12-20T20:00:00.000Z,0
CVE-2017-17745,https://securityvulnerability.io/vulnerability/CVE-2017-17745,,Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter.,Tp-link,Tl-sg108e Firmware,5.4,MEDIUM,0.0008500000112690032,false,,false,false,false,,,false,false,,2017-12-20T20:00:00.000Z,0
CVE-2017-8076,https://securityvulnerability.io/vulnerability/CVE-2017-8076,,"On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.",Tp-link,Tl-sg108e Firmware,9.8,CRITICAL,0.006169999949634075,false,,false,false,false,,,false,false,,2017-04-23T16:59:00.000Z,0
CVE-2017-8075,https://securityvulnerability.io/vulnerability/CVE-2017-8075,,"On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from ""Switch Info"" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.",Tp-link,Tl-sg108e Firmware,9.8,CRITICAL,0.007739999797195196,false,,false,false,false,,,false,false,,2017-04-23T16:00:00.000Z,0
CVE-2017-8074,https://securityvulnerability.io/vulnerability/CVE-2017-8074,,"On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from ""SEND data"" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.",Tp-link,Tl-sg108e Firmware,9.8,CRITICAL,0.008129999972879887,false,,false,false,false,,,false,false,,2017-04-23T16:00:00.000Z,0
CVE-2017-8078,https://securityvulnerability.io/vulnerability/CVE-2017-8078,,"On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.",Tp-link,Tl-sg108e Firmware,5.3,MEDIUM,0.0030300000216811895,false,,false,false,false,,,false,false,,2017-04-23T16:00:00.000Z,0