CVE-2025-0730 | TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304 HTTP GET Request /usr_account_set.cgi username/password get request method with sensitive query strings

A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usr_account_set.cgi of the component HTTP GET Request Handler. The manipulation of the argument username/password leads to use of get request method with sensitive query strings.

This vulnerability is traded as CVE-2025-0730. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers.

It is recommended to upgrade the affected component.

The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers.

CVE-2025-0730 | TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304 HTTP GET Request /usr_account_set.cgi username/password get request method with sensitive query strings

Post correlati

CVE-2023-39196 | Apache Ozone up to 1.3.0 Storage Container Manager Service improper authentication

CVE-2023-49042 | Tenda AX1803 1.0.0.1 setSchedWifi schedStartTime heap-based overflow

CVE-2025-23901 | Oliver Schaal GravatarLocalCache Plugin up to 1.1.2 on WordPress cross-site request forgery

CVE-2023-43996 | mini-app on Line 13.6.1 Channel Access Token information disclosure