Vulnerabilities > TP Link > TL Sg108E Firmware > 1.1.2

DATE CVE VULNERABILITY TITLE RISK
2017-04-23 CVE-2017-8078 Improper Authentication vulnerability in Tp-Link Tl-Sg108E Firmware 1.1.2
On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd).
network
low complexity
tp-link CWE-287
5.3
5.3
2017-04-23 CVE-2017-8077 Use of Hard-coded Credentials vulnerability in Tp-Link Tl-Sg108E Firmware 1.1.2
On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt).
network
low complexity
tp-link CWE-798
7.5
7.5
2017-04-23 CVE-2017-8076 Inadequate Encryption Strength vulnerability in Tp-Link Tl-Sg108E Firmware 1.1.2
On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated.
network
low complexity
tp-link CWE-326
critical
 9.8
9.8
2017-04-23 CVE-2017-8075 Information Exposure Through Log Files vulnerability in Tp-Link Tl-Sg108E Firmware 1.1.2
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext.
network
low complexity
tp-link CWE-532
critical
 9.8
9.8
2017-04-23 CVE-2017-8074 Information Exposure Through Log Files vulnerability in Tp-Link Tl-Sg108E Firmware 1.1.2
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal.
network
low complexity
tp-link CWE-532
critical
 9.8
9.8