Vulnerability Details : CVE-2017-8075
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
Exploit prediction scoring system (EPSS) score for CVE-2017-8075
Probability of exploitation activity in the next 30 days: 0.38%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 69 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-8075
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2017-8075
-
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-8075
-
https://chmod750.com/2017/04/23/vulnerability-disclosure-tp-link/
Exploit;Technical Description;Third Party Advisory
-
http://www.securityfocus.com/bid/97983
TP-Link TL-SG108E CVE-2017-8075 Information Disclosure VulnerabilityThird Party Advisory;US Government Resource
Products affected by CVE-2017-8075
- cpe:2.3:o:tp-link:tl-sg108e_firmware:1.1.2:*:*:*:*:*:*:*