CVE-2017-17746

{"id": "CVE-2017-17746", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.7, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2017-12-20T20:29:00.340", "references": [{"url": "http://seclists.org/fulldisclosure/2017/Dec/67", "tags": ["Exploit", "Mailing List", "Mitigation", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authentication record is stored on the device; thus if an administrator authenticates from a NAT network, the authentication applies to the IP address of the NAT gateway, and any user behind that NAT gateway is also treated as authenticated."}, {"lang": "es", "value": "M\u00e9todos de control de acceso deficientes en TP-Link TL-SG108E 1.0.0 permiten que cualquier usuario de una red NAT con un administrador autenticado acceda al dispositivo sin introducir credenciales de usuario. El registro de autenticaci\u00f3n se almacena en el dispositivo; por lo tanto, si un administrador se autentica desde una red NAT, la autenticaci\u00f3n se aplica a la direcci\u00f3n IP de la pasarela NAT y cualquier usuario que se encuentre detr\u00e1s de esa pasarela NAT tambi\u00e9n se trata como autenticado."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:tl-sg108e_firmware:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A722886-ED58-4E1D-8924-C8ABD6EAD0FC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:tl-sg108e:1.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9031702B-008F-4392-83DF-447B3E3DBD0E"}, {"criteria": "cpe:2.3:h:tp-link:tl-sg108e:2.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6ED6E4D1-F88C-48E6-B63F-3BE91914E6F6"}, {"criteria": "cpe:2.3:h:tp-link:tl-sg108e:3.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "64CEEDDA-EA51-4D5A-A03B-A20F42961B57"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}