CVE-2017-17745

5.4MEDIUM

Key Information:

Vendor: Tp-link
Status: Tl-sg108e Firmware
Vendor: CVE Published:; 20 December 2017

Summary

Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter.

References

http://seclists.org/fulldisclosure/2017/Dec/67

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 20, 2017
Vulnerability Reserved
Dec 18, 2017