CVE-2017-8075

{"id": "CVE-2017-8075", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-04-23T16:59:00.187", "references": [{"url": "http://www.securityfocus.com/bid/97983", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "https://chmod750.com/2017/04/23/vulnerability-disclosure-tp-link/", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/97983", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://chmod750.com/2017/04/23/vulnerability-disclosure-tp-link/", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from \"Switch Info\" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware."}, {"lang": "es", "value": "En el TP-Link TL-SG108E 1.0, un atacante remoto podr\u00eda recuperar las credenciales de las l\u00edneas de registro de \"Switch Info\" donde las contrase\u00f1as est\u00e1n en texto sin cifrar. Esto afecta al firmware 1.1.2 Build 20141017 Rel.50749."}], "lastModified": "2024-11-21T03:33:17.303", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:tl-sg108e_firmware:1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "072964A1-9F2B-4FE8-954E-6059728663EE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:tl-sg108e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "537907B5-7EAE-453A-81C6-8CF10498E7EB"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}