Remote Credential Exposure in TP-Link Switches
CVE-2017-8074

9.8CRITICAL

Key Information:

Vendor: Tp-link
Status: Tl-sg108e Firmware
Vendor: CVE Published:; 23 April 2017

What is CVE-2017-8074?

A vulnerability in the TP-Link TL-SG108E 1.0 allows remote attackers to extract sensitive credentials from 'SEND data' log lines. The flaw arises due to passwords being encoded in hexadecimal format, enabling unauthorized users to retrieve these credentials with ease. This exposure represents a significant risk, particularly if adequate network security measures are not in place. Users of the affected firmware version should prioritize updates and implement robust security practices.

References

https://chmod750.com/2017/04/23/vulnerability-disclosure-...

x_refsource_MISC

http://www.securityfocus.com/bid/97981

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 23, 2017
Vulnerability Reserved
Apr 23, 2017

Tp-link

What is CVE-2017-8074?

References

CVSS V3.1

Timeline