{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0729", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-01-27T10:29:44.549Z", "datePublished": "2025-01-27T17:00:11.408Z", "dateUpdated": "2025-01-27T18:49:02.244Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-01-27T17:00:11.408Z"}, "title": "TP-Link TL-SG108E clickjacking", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-451", "lang": "en", "description": "Clickjacking"}]}], "affected": [{"vendor": "TP-Link", "product": "TL-SG108E", "versions": [{"version": "1.0.0 Build 20201208 Rel. 40304", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The attack may be initiated remotely. Upgrading to version 1.0.0 Build 20250124 Rel. 54920(Beta) is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers."}, {"lang": "de", "value": "Eine Schwachstelle wurde in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304 ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil. Mittels dem Manipulieren mit unbekannten Daten kann eine clickjacking-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.0.0 Build 20250124 Rel. 54920(Beta) vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "timeline": [{"time": "2025-01-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-01-27T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-01-27T11:34:54.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "error404unknown (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.293507", "name": "VDB-293507 | TP-Link TL-SG108E clickjacking", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.293507", "name": "VDB-293507 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.478451", "name": "Submit #478451 | tp-link TL-SG108E 1.0.0 Build 20201208 Rel.40304 Clickjacking", "tags": ["third-party-advisory"]}, {"url": "https://github.com/TheCyberDiver/Public-Disclosures-CVE-/blob/main/tp-link%20clickjacking.md", "tags": ["related"]}, {"url": "https://static.tp-link.com/upload/beta/2025/202501/20250124/TL-SG108E(UN)%206.0_1.0.0%20Build%2020250124%20Rel.54920(Beta)_up.zip", "tags": ["patch"]}, {"url": "https://www.tp-link.com/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-27T18:48:49.910019Z", "id": "CVE-2025-0729", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-27T18:49:02.244Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0729", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-27T18:48:49.910019Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-27T18:48:32.412Z"}}], "cna": {"title": "TP-Link TL-SG108E clickjacking", "credits": [{"lang": "en", "type": "reporter", "value": "error404unknown (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "affected": [{"vendor": "TP-Link", "product": "TL-SG108E", "versions": [{"status": "affected", "version": "1.0.0 Build 20201208 Rel. 40304"}]}], "timeline": [{"lang": "en", "time": "2025-01-27T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-01-27T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-01-27T11:34:54.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.293507", "name": "VDB-293507 | TP-Link TL-SG108E clickjacking", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.293507", "name": "VDB-293507 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.478451", "name": "Submit #478451 | tp-link TL-SG108E 1.0.0 Build 20201208 Rel.40304 Clickjacking", "tags": ["third-party-advisory"]}, {"url": "https://github.com/TheCyberDiver/Public-Disclosures-CVE-/blob/main/tp-link%20clickjacking.md", "tags": ["related"]}, {"url": "https://static.tp-link.com/upload/beta/2025/202501/20250124/TL-SG108E(UN)%206.0_1.0.0%20Build%2020250124%20Rel.54920(Beta)_up.zip", "tags": ["patch"]}, {"url": "https://www.tp-link.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The attack may be initiated remotely. Upgrading to version 1.0.0 Build 20250124 Rel. 54920(Beta) is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers."}, {"lang": "de", "value": "Eine Schwachstelle wurde in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304 ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil. Mittels dem Manipulieren mit unbekannten Daten kann eine clickjacking-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.0.0 Build 20250124 Rel. 54920(Beta) vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-451", "description": "Clickjacking"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-01-27T17:00:11.408Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0729", "state": "PUBLISHED", "dateUpdated": "2025-01-27T18:49:02.244Z", "dateReserved": "2025-01-27T10:29:44.549Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-01-27T17:00:11.408Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The attack may be initiated remotely. Upgrading to version 1.0.0 Build 20250124 Rel. 54920(Beta) is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers."}], "id": "CVE-2025-0729", "lastModified": "2025-01-27T17:15:16.917", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "LOW"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-01-27T17:15:16.917", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/TheCyberDiver/Public-Disclosures-CVE-/blob/main/tp-link%20clickjacking.md"}, {"source": "cna@vuldb.com", "url": "https://static.tp-link.com/upload/beta/2025/202501/20250124/TL-SG108E(UN)%206.0_1.0.0%20Build%2020250124%20Rel.54920(Beta)_up.zip"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.293507"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.293507"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.478451"}, {"source": "cna@vuldb.com", "url": "https://www.tp-link.com/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-451"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}