| Title | tp-link TL-SG108E 1.0.0 Build 20201208 Rel.40304 Use of GET Request Method With Sensitive Query Strings |
|---|
| Description | The /usr_account_set.cgi endpoint transmits the username and password via a GET request, exposing sensitive credentials in the URL. This practice increases the risk of information leakage through browser history, logs, or intercepted network traffic, compromising account security. |
|---|
| Source | ⚠️ https://github.com/TheCyberDiver/Public-Disclosures-CVE-/blob/main/tp-link%20sensitive%20info%20in%20GET.md |
|---|
| User | error404unknown (UID 53361) |
|---|
| Submission | 01/10/2025 00:06 (1 Year ago) |
|---|
| Moderation | 01/27/2025 11:29 (17 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 293508 [TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304 HTTP GET Request /usr_account_set.cgi username/password get request method with sensitive query strings] |
|---|
| Points | 18 |
|---|