On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
References
Link | Resource |
---|---|
https://chmod750.com/2017/04/23/vulnerability-disclosure-tp-link/ | Exploit Technical Description Third Party Advisory |
http://www.securityfocus.com/bid/97983 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2017-04-23 09:59
Updated : 2017-04-27 11:23
NVD link : CVE-2017-8075
Mitre link : CVE-2017-8075
JSON object : View
CWE
CWE-532
Insertion of Sensitive Information into Log File
Products Affected
tp-link
- tl-sg108e_firmware
- tl-sg108e