Vulnerability in HTTP GET Request Handler of TP-Link TL-SG108E Switch
CVE-2025-0730

6.3MEDIUM

Key Information:

Vendor
Tp-link
Status
Tl-sg108e
Vendor
CVE Published:
27 January 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A vulnerability has been discovered in the TP-Link TL-SG108E affecting its HTTP GET Request Handler. An unspecified function within /usr_account_set.cgi allows an attacker to exploit the username and password parameters, leading to the exposure of sensitive query strings through the GET request method. This vulnerability can be exploited remotely, making it a significant security concern. While the complexity of this attack is relatively high, the potential for misuse exists as the exploit details have been publicly disclosed. Users are advised to upgrade to the newer version 1.0.0 Build 20250124 Rel. 54920(Beta) to mitigate the risks associated with this vulnerability.

Affected Version(s)

TL-SG108E 1.0.0 Build 20201208 Rel. 40304

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-0730 - Proof of Concept

References

https://vuldb.com/?id.293508
vdb-entrytechnical-description
https://vuldb.com/?ctiid.293508
signaturepermissions-required
https://vuldb.com/?submit.478465
third-party-advisory

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

error404unknown (VulDB User)
.