CVE-2025-0729 (GCVE-0-2025-0729)
Vulnerability from cvelistv5 – Published: 2025-01-27 17:00 – Updated: 2025-01-27 18:49
VLAI?
Summary
A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The attack may be initiated remotely. Upgrading to version 1.0.0 Build 20250124 Rel. 54920(Beta) is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers.
Severity ?
4.3 (Medium)
4.3 (Medium)
CWE
- CWE-451 - Clickjacking
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
Credits
error404unknown (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0729",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T18:48:49.910019Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T18:49:02.244Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TL-SG108E",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "1.0.0 Build 20201208 Rel. 40304"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "error404unknown (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The attack may be initiated remotely. Upgrading to version 1.0.0 Build 20250124 Rel. 54920(Beta) is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304 ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil. Mittels dem Manipulieren mit unbekannten Daten kann eine clickjacking-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.0.0 Build 20250124 Rel. 54920(Beta) vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "Clickjacking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T17:00:11.408Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-293507 | TP-Link TL-SG108E clickjacking",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.293507"
},
{
"name": "VDB-293507 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.293507"
},
{
"name": "Submit #478451 | tp-link TL-SG108E 1.0.0 Build 20201208 Rel.40304 Clickjacking",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.478451"
},
{
"tags": [
"related"
],
"url": "https://github.com/TheCyberDiver/Public-Disclosures-CVE-/blob/main/tp-link%20clickjacking.md"
},
{
"tags": [
"patch"
],
"url": "https://static.tp-link.com/upload/beta/2025/202501/20250124/TL-SG108E(UN)%206.0_1.0.0%20Build%2020250124%20Rel.54920(Beta)_up.zip"
},
{
"tags": [
"product"
],
"url": "https://www.tp-link.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-01-27T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-01-27T11:34:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "TP-Link TL-SG108E clickjacking"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-0729",
"datePublished": "2025-01-27T17:00:11.408Z",
"dateReserved": "2025-01-27T10:29:44.549Z",
"dateUpdated": "2025-01-27T18:49:02.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-0729\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2025-01-27T17:15:16.917\",\"lastModified\":\"2025-01-27T17:15:16.917\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The attack may be initiated remotely. Upgrading to version 1.0.0 Build 20250124 Rel. 54920(Beta) is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una vulnerabilidad en TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Se ha calificado como problem\u00e1tica. Este problema afecta a algunos procesos desconocidos. La manipulaci\u00f3n conduce a un secuestro de clics. El ataque puede iniciarse de forma remota. La actualizaci\u00f3n a la versi\u00f3n 1.0.0 Build 20250124 Rel. 54920(Beta) puede solucionar este problema. Se recomienda actualizar el componente afectado. Se contact\u00f3 al proveedor con prontitud. Reaccionaron de manera muy profesional y proporcionaron una versi\u00f3n previa a la correcci\u00f3n para sus clientes.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-451\"}]}],\"references\":[{\"url\":\"https://github.com/TheCyberDiver/Public-Disclosures-CVE-/blob/main/tp-link%20clickjacking.md\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://static.tp-link.com/upload/beta/2025/202501/20250124/TL-SG108E(UN)%206.0_1.0.0%20Build%2020250124%20Rel.54920(Beta)_up.zip\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?ctiid.293507\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?id.293507\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?submit.478451\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://www.tp-link.com/\",\"source\":\"cna@vuldb.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-0729\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-27T18:48:49.910019Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-27T18:48:32.412Z\"}}], \"cna\": {\"title\": \"TP-Link TL-SG108E clickjacking\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"error404unknown (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 6.9, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 5, \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\"}}], \"affected\": [{\"vendor\": \"TP-Link\", \"product\": \"TL-SG108E\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0 Build 20201208 Rel. 40304\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-01-27T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2025-01-27T01:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2025-01-27T11:34:54.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.293507\", \"name\": \"VDB-293507 | TP-Link TL-SG108E clickjacking\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://vuldb.com/?ctiid.293507\", \"name\": \"VDB-293507 | CTI Indicators (IOB, IOC, TTP)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.478451\", \"name\": \"Submit #478451 | tp-link TL-SG108E 1.0.0 Build 20201208 Rel.40304 Clickjacking\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/TheCyberDiver/Public-Disclosures-CVE-/blob/main/tp-link%20clickjacking.md\", \"tags\": [\"related\"]}, {\"url\": \"https://static.tp-link.com/upload/beta/2025/202501/20250124/TL-SG108E(UN)%206.0_1.0.0%20Build%2020250124%20Rel.54920(Beta)_up.zip\", \"tags\": [\"patch\"]}, {\"url\": \"https://www.tp-link.com/\", \"tags\": [\"product\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The attack may be initiated remotely. Upgrading to version 1.0.0 Build 20250124 Rel. 54920(Beta) is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers.\"}, {\"lang\": \"de\", \"value\": \"Eine Schwachstelle wurde in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304 ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil. Mittels dem Manipulieren mit unbekannten Daten kann eine clickjacking-Schwachstelle ausgenutzt werden. Der Angriff kann \\u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.0.0 Build 20250124 Rel. 54920(Beta) vermag dieses Problem zu l\\u00f6sen. Als bestm\\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-451\", \"description\": \"Clickjacking\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2025-01-27T17:00:11.408Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-0729\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-27T18:49:02.244Z\", \"dateReserved\": \"2025-01-27T10:29:44.549Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2025-01-27T17:00:11.408Z\", \"assignerShortName\": \"VulDB\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…