- Description
- A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usr_account_set.cgi of the component HTTP GET Request Handler. The manipulation of the argument username/password leads to use of get request method with sensitive query strings. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.0 Build 20250124 Rel. 54920(Beta) is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers.
- Source
- cna@vuldb.com
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 6.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 3.7
- Impact score
- 1.4
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- LOW
CVSS 2.0
- Type
- Secondary
- Base score
- 2.6
- Impact score
- 2.9
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:P/I:N/A:N
- cna@vuldb.com
- CWE-598
- Hype score
- Not currently trending
🚨 Vulnerability Alert: TP-Link TL-SG108E (CVE-2025-0730)! . 📢 A flaw in TP-Link TL-SG108E exposes sensitive query strings via /usr_account_set.cgi in HTTP GET requests. . 🔍 Details: Remote exploitation possible (complex but disclosed). . #CVE20250730 #ahmedmansourcsofficial ht
@CsAhmedmansour
2 Feb 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-0730 A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usr_account_… https://t.co/2EaziRjCNw
@CVEnew
27 Jan 2025
233 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2025-0730 | TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304 HTTP GET Request /usr_account_set.cgi username/password get request method with sensitive query strings) has been published on https://t.co/erXy1fLfCT
@WolfgangSesin
27 Jan 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2025-0730 | TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304 HTTP GET Request /usr_account_set.cgi username/password get request method with sensitive query strings) has been published on https://t.co/dlBUbBgxQl
@WolfgangSesin
27 Jan 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes