CVE-2025-0730 | TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304 HTTP GET Request /usr_account_set.cgi username/password get request method with sensitive query strings

A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usr_account_set.cgi of the component HTTP GET Request Handler. The manipulation of the argument username/password leads to use of get request method with sensitive query strings.

This vulnerability is traded as CVE-2025-0730. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers.

It is recommended to upgrade the affected component.

The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers.

CVE-2025-0730 | TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304 HTTP GET Request /usr_account_set.cgi username/password get request method with sensitive query strings

Related Posts

CVE-2024-22034 | SUSE Linux Enterprise Desktop File

CVE-2024-50307 | Kubell Chatwork Desktop Application up to 2.9.1 on Windows potentially dangerous function

CVE-2024-6203 | Halo Service Solutions HaloITSM up to 2.146.0 Password Reset Token password recovery

CVE-2023-6439 | ZenTao PMS 18.8 cross site scripting