cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2017-8077,https://securityvulnerability.io/vulnerability/CVE-2017-8077,Hard-Coded Ciphering Key in TP-Link Ethernet Switch,"The TP-Link TL-SG108E 1.0 contains a hard-coded ciphering key that can compromise the security of the device, allowing potential attackers to exploit this flaw. This vulnerability impacts devices running firmware version 1.1.2 Build 20141017 Rel.50749, making it essential for users to review their device configurations and apply any necessary updates to enhance their network security.",Tp-link,Tl-sg108e Firmware,7.5,HIGH,0.003659999929368496,false,,false,false,false,,,false,false,,2022-10-03T16:23:05.000Z,0
CVE-2017-17746,https://securityvulnerability.io/vulnerability/CVE-2017-17746,,"Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authentication record is stored on the device; thus if an administrator authenticates from a NAT network, the authentication applies to the IP address of the NAT gateway, and any user behind that NAT gateway is also treated as authenticated.",Tp-link,Tl-sg108e Firmware,6.8,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2017-12-20T20:00:00.000Z,0
CVE-2017-17745,https://securityvulnerability.io/vulnerability/CVE-2017-17745,,Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter.,Tp-link,Tl-sg108e Firmware,5.4,MEDIUM,0.0008500000112690032,false,,false,false,false,,,false,false,,2017-12-20T20:00:00.000Z,0
CVE-2017-17747,https://securityvulnerability.io/vulnerability/CVE-2017-17747,,"Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition.",Tp-link,Tl-sg108e Firmware,6.5,MEDIUM,0.0022700000554323196,false,,false,false,false,,,false,false,,2017-12-20T20:00:00.000Z,0
CVE-2017-8076,https://securityvulnerability.io/vulnerability/CVE-2017-8076,,"On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.",Tp-link,Tl-sg108e Firmware,9.8,CRITICAL,0.006169999949634075,false,,false,false,false,,,false,false,,2017-04-23T16:59:00.000Z,0
CVE-2017-8078,https://securityvulnerability.io/vulnerability/CVE-2017-8078,,"On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.",Tp-link,Tl-sg108e Firmware,5.3,MEDIUM,0.0030300000216811895,false,,false,false,false,,,false,false,,2017-04-23T16:00:00.000Z,0
CVE-2017-8075,https://securityvulnerability.io/vulnerability/CVE-2017-8075,,"On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from ""Switch Info"" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.",Tp-link,Tl-sg108e Firmware,9.8,CRITICAL,0.007739999797195196,false,,false,false,false,,,false,false,,2017-04-23T16:00:00.000Z,0
CVE-2017-8074,https://securityvulnerability.io/vulnerability/CVE-2017-8074,,"On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from ""SEND data"" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.",Tp-link,Tl-sg108e Firmware,9.8,CRITICAL,0.008129999972879887,false,,false,false,false,,,false,false,,2017-04-23T16:00:00.000Z,0