Sign-up

ID

VAR-202501-3672


CVE

CVE-2025-0730


TITLE

TP-LINK Technologies  of  TL-SG108E  in the firmware  GET  Vulnerability regarding information leakage from query string in request

Trust: 0.8

sources: JVNDB: JVNDB-2025-009083

DESCRIPTION

A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usr_account_set.cgi of the component HTTP GET Request Handler. The manipulation of the argument username/password leads to use of get request method with sensitive query strings. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.0 Build 20250124 Rel. 54920(Beta) is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers. TP-LINK Technologies of TL-SG108E The firmware has GET There is a vulnerability related to information leakage from the query string in the request.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2025-0730 // JVNDB: JVNDB-2025-009083

AFFECTED PRODUCTS

vendor:tp linkmodel:tl-sg108escope:eqversion:1.0.0

Trust: 1.0

vendor:tp linkmodel:tl-sg108escope:eqversion:tl-sg108e firmware 1.0.0

Trust: 0.8

vendor:tp linkmodel:tl-sg108escope:eqversion: -

Trust: 0.8

vendor:tp linkmodel:tl-sg108escope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-009083 // NVD: CVE-2025-0730

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-0730
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-009083
value: LOW

Trust: 0.8

cna@vuldb.com: CVE-2025-0730
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-009083
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2025-0730
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-009083
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-009083 // NVD: CVE-2025-0730

PROBLEMTYPE DATA

problemtype:CWE-598

Trust: 1.0

problemtype:GET Information leakage from query string in request (CWE-598) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-009083 // NVD: CVE-2025-0730

EXTERNAL IDS

db:NVDid:CVE-2025-0730

Trust: 2.6

db:VULDBid:293508

Trust: 1.8

db:JVNDBid:JVNDB-2025-009083

Trust: 0.8

sources: JVNDB: JVNDB-2025-009083 // NVD: CVE-2025-0730

REFERENCES

url:https://github.com/thecyberdiver/public-disclosures-cve-/blob/main/tp-link%20sensitive%20info%20in%20get.md

Trust: 1.8

url:https://vuldb.com/?id.293508

Trust: 1.8

url:https://vuldb.com/?submit.478465

Trust: 1.8

url:https://www.tp-link.com/

Trust: 1.8

url:https://vuldb.com/?ctiid.293508

Trust: 1.0

url:https://static.tp-link.com/upload/beta/2025/202501/20250124/tl-sg108e(un)%206.0_1.0.0%20build%2020250124%20rel.54920(beta)_up.zip

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-0730

Trust: 0.8

sources: JVNDB: JVNDB-2025-009083 // NVD: CVE-2025-0730

SOURCES

db:JVNDBid:JVNDB-2025-009083
db:NVDid:CVE-2025-0730

LAST UPDATE DATE

2025-07-18T23:03:22.123000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-009083date:2025-07-17T03:23:00
db:NVDid:CVE-2025-0730date:2025-07-16T00:57:35.617

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-009083date:2025-07-17T00:00:00
db:NVDid:CVE-2025-0730date:2025-01-27T17:15:17.133