Remote Credential Exposure in TP-Link Switches
CVE-2017-8074

9.8CRITICAL

Key Information:

Vendor
Tp-link
Status
Tl-sg108e Firmware
Vendor
CVE Published:
23 April 2017

Summary

A vulnerability in the TP-Link TL-SG108E 1.0 allows remote attackers to extract sensitive credentials from 'SEND data' log lines. The flaw arises due to passwords being encoded in hexadecimal format, enabling unauthorized users to retrieve these credentials with ease. This exposure represents a significant risk, particularly if adequate network security measures are not in place. Users of the affected firmware version should prioritize updates and implement robust security practices.

References

https://chmod750.com/2017/04/23/vulnerability-disclosure-...
x_refsource_MISC
http://www.securityfocus.com/bid/97981
vdb-entryx_refsource_BID

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.