| Titel | tp-link TL-SG108E 1.0.0 Build 20201208 Rel.40304 Use of GET Request Method With Sensitive Query Strings |
|---|
| Beschreibung | The /usr_account_set.cgi endpoint transmits the username and password via a GET request, exposing sensitive credentials in the URL. This practice increases the risk of information leakage through browser history, logs, or intercepted network traffic, compromising account security. |
|---|
| Quelle | ⚠️ https://github.com/TheCyberDiver/Public-Disclosures-CVE-/blob/main/tp-link%20sensitive%20info%20in%20GET.md |
|---|
| Benutzer | error404unknown (UID 53361) |
|---|
| Einreichung | 10.01.2025 00:06 (vor 1 Jahr) |
|---|
| Moderieren | 27.01.2025 11:29 (17 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 293508 [TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304 HTTP GET Request /usr_account_set.cgi username/password Information Disclosure] |
|---|
| Punkte | 18 |
|---|