CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-8078

On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 56.5%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

http://www.securityfocus.com/bid/97985
https://chmod750.com/2017/04/23/vulnerability-disclosure-tp-link/
http://www.securityfocus.com/bid/97985
https://chmod750.com/2017/04/23/vulnerability-disclosure-tp-link/

Products affected by CVE-2017-8078

Tp-Link » Tl-Sg108e » Version: N/A

cpe:2.3:h:tp-link:tl-sg108e:-
Tp-Link » Tl-Sg108e Firmware » Version: 1.1.2

cpe:2.3:o:tp-link:tl-sg108e_firmware:1.1.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-8078

Products

Pricing

Contact Us