Tp-Link: >> Tl-Sg108e Firmware >> 1.1.2 Security Vulnerabilities
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
CVSS Score
9.8
EPSS Score
0.014
Published
2017-04-23
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
CVSS Score
9.8
EPSS Score
0.019
Published
2017-04-23
On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-04-23
On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
CVSS Score
7.5
EPSS Score
0.004
Published
2017-04-23
On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
CVSS Score
5.3
EPSS Score
0.003
Published
2017-04-23