27Oca
CVE-2025-0730 | TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304 HTTP GET Request /usr_account_set.cgi username/password get request method with sensitive query strings
A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usr_account_set.cgi of the component HTTP GET Request Handler. The manipulation of the argument username/password leads to use of get request method with sensitive query strings. This vulnerability is traded as CVE-2025-0730. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers.