Cleartext Credential Exposure in TP-Link Managed Switch
CVE-2017-8075

9.8CRITICAL

Key Information:

Vendor: Tp-link
Status: Tl-sg108e Firmware
Vendor: CVE Published:; 23 April 2017

Summary

The TP-Link TL-SG108E 1.0 switch is susceptible to a vulnerability that permits remote attackers to access sensitive information. Specifically, the 'Switch Info' log lines can expose user credentials, including passwords stored in cleartext. This issue affects firmware version 1.1.2 Build 20141017 Rel.50749, highlighting potential risks for users' network security. Mitigating this vulnerability is essential to prevent unauthorized access and protect sensitive data.

References

https://chmod750.com/2017/04/23/vulnerability-disclosure-...

x_refsource_MISC

http://www.securityfocus.com/bid/97983

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 23, 2017
Vulnerability Reserved
Apr 23, 2017