Описание
Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authentication record is stored on the device; thus if an administrator authenticates from a NAT network, the authentication applies to the IP address of the NAT gateway, and any user behind that NAT gateway is also treated as authenticated.
Ссылки
- ExploitMailing ListMitigationThird Party Advisory
- ExploitMailing ListMitigationThird Party Advisory
Уязвимые конфигурации
Одновременно
Одно из
EPSS
6.8 Medium
CVSS3
7.7 High
CVSS2
Дефекты
Связанные уязвимости
Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authentication record is stored on the device; thus if an administrator authenticates from a NAT network, the authentication applies to the IP address of the NAT gateway, and any user behind that NAT gateway is also treated as authenticated.
EPSS
6.8 Medium
CVSS3
7.7 High
CVSS2