CVE-2025-0730

Summary

CVE-2025-0730 is a newly identified vulnerability affecting the TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304's HTTP GET Request Handler. This issue lies within an unknown function of the /usr_account_set.cgi file, where manipulation of the username/password argument triggers the use of a get request method with sensitive query strings. This vulnerability can be exploited remotely, although the attack's complexity is relatively high and exploitability is reportedly difficult. The exploit has been disclosed to the public. TP-Link has released a pre-fix version (1.0.0 Build 20250124 Rel. 54920(Beta)) to address the issue, and it is strongly recommended to upgrade the affected component as soon as possible. The vendor has responded promptly and professionally to the discovered vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.