Cross-Site Scripting Vulnerability in TP-Link Devices
CVE-2017-17745

5.4MEDIUM

Key Information:

Vendor: Tp-link
Status: Tl-sg108e Firmware
Vendor: CVE Published:; 20 December 2017

Summary

A cross-site scripting (XSS) vulnerability exists in the system_name_set.cgi file of TP-Link TL-SG108E 1.0.0. This flaw permits authenticated remote attackers to inject malicious JavaScript through the 'sysName' parameter. Exploiters can leverage this vulnerability to manipulate user sessions and perform unauthorized actions on behalf of legitimate users, posing a significant risk to the security and integrity of the affected systems.

References

http://seclists.org/fulldisclosure/2017/Dec/67

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 20, 2017
Vulnerability Reserved
Dec 18, 2017