Cyberthreat Blog, Author at Cyberthreat Blog from Fortify24x7 Page 28175 of 28407

CVE-2017-8074

Posted by Cyberthreat Blog | Apr 23, 2017 | CVE Notifications |

On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from “SEND data” log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

CVE-2017-8075

Posted by Cyberthreat Blog | Apr 23, 2017 | CVE Notifications |

On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from “Switch Info” log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

CVE-2017-8078

Posted by Cyberthreat Blog | Apr 23, 2017 | CVE Notifications |

On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

CVE-2017-8077

Posted by Cyberthreat Blog | Apr 23, 2017 | CVE Notifications |

On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

CVE-2017-8076

Posted by Cyberthreat Blog | Apr 23, 2017 | CVE Notifications |

On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

Author: Cyberthreat Blog

CVE-2017-8074

CVE-2017-8075

CVE-2017-8078

CVE-2017-8077

CVE-2017-8076