All the vulnerabilites related to TP-Link - TL-SG1016DE
cve-2024-4224
Vulnerability from cvelistv5
Published
2024-07-15 20:34
Modified
2024-08-01 20:33
Severity ?
EPSS score ?
Summary
TP-Link TL-SG1016DE XSS
References
▼ | URL | Tags |
---|---|---|
https://takeonme.org/cves/CVE-2024-4224.html | third-party-advisory | |
https://www.tp-link.com/en/support/download/tl-sg1016de/v7/#Firmware | patch |
Impacted products
▼ | Vendor | Product |
---|---|---|
TP-Link | TL-SG1016DE |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:h:tp-link:tl-sg1016de:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "tl-sg1016de", "vendor": "tp-link", "versions": [ { "status": "affected", "version": "7.6_1.0.0build20230616" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-4224", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-16T13:11:06.702298Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-16T13:22:39.852Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:33:53.018Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://takeonme.org/cves/CVE-2024-4224.html" }, { "tags": [ "patch", "x_transferred" ], "url": "https://www.tp-link.com/en/support/download/tl-sg1016de/v7/#Firmware" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "TL-SG1016DE", "vendor": "TP-Link", "versions": [ { "lessThanOrEqual": "V7.6_1.0.0 Build 20230616", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "73x45!!!!!" }, { "lang": "en", "type": "finder", "value": "s3rv1c3_w34p0n_r34ch3r" }, { "lang": "en", "type": "coordinator", "value": "Austin Hackers Anonymous!" } ], "datePublic": "2024-07-15T18:37:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An authenticated stored cross-site scripting (XSS) exists in the TP-Link TL-SG1016DE affecting version TL-SG1016DE(UN) V7.6_1.0.0 Build 20230616, which could allow an adversary to run JavaScript in an administrator\u0027s browser. This issue was fixed in\u0026nbsp;TL-SG1016DE(UN) V7_1.0.1 Build 20240628.\u003cbr\u003e" } ], "value": "An authenticated stored cross-site scripting (XSS) exists in the TP-Link TL-SG1016DE affecting version TL-SG1016DE(UN) V7.6_1.0.0 Build 20230616, which could allow an adversary to run JavaScript in an administrator\u0027s browser. This issue was fixed in\u00a0TL-SG1016DE(UN) V7_1.0.1 Build 20240628." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-15T20:34:53.699Z", "orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43", "shortName": "AHA" }, "references": [ { "tags": [ "third-party-advisory" ], "url": "https://takeonme.org/cves/CVE-2024-4224.html" }, { "tags": [ "patch" ], "url": "https://www.tp-link.com/en/support/download/tl-sg1016de/v7/#Firmware" } ], "source": { "discovery": "EXTERNAL" }, "title": "TP-Link TL-SG1016DE XSS", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43", "assignerShortName": "AHA", "cveId": "CVE-2024-4224", "datePublished": "2024-07-15T20:34:53.699Z", "dateReserved": "2024-04-26T00:34:22.437Z", "dateUpdated": "2024-08-01T20:33:53.018Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }