Access Control Vulnerability in TP-Link TL-SG108E Switch
CVE-2017-17746

6.8MEDIUM

Key Information:

Vendor: Tp-link
Status: Tl-sg108e Firmware
Vendor: CVE Published:; 20 December 2017

Summary

The TP-Link TL-SG108E series exhibits a weakness in its access control mechanisms. This vulnerability allows any user behind a NAT network, who has an authenticated administrator, to gain unauthorized access to the device without needing to provide credentials. The device retains the authentication record for the IP address assigned to the NAT gateway, meaning that any individual connected to that gateway can exploit the authenticated session, enabling potential unauthorized interactions with the network device.

References

http://seclists.org/fulldisclosure/2017/Dec/67

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 20, 2017
Vulnerability Reserved
Dec 18, 2017