CVE-2025-0729

A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The attack may be initiated remotely. Upgrading to version 1.0.0 Build 20250124 Rel. 54920(Beta) is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers.

CVSS v3 4.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/TheCyberDiver/Public-Disclosures-CVE-/blob/main/tp-link%20clickjacking.md
https://static.tp-link.com/upload/beta/2025/202501/20250124/TL-SG108E(UN)%206.0_1.0.0%20Build%2020250124%20Rel.54920(Beta)_up.zip
https://vuldb.com/?ctiid.293507
https://vuldb.com/?id.293507
https://vuldb.com/?submit.478451
https://www.tp-link.com/

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Se encontró una vulnerabilidad en TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Se ha calificado como problemática. Este problema afecta a algunos procesos desconocidos. La manipulación conduce a un secuestro de clics. El ataque puede iniciarse de forma remota. La actualización a la versión 1.0.0 Build 20250124 Rel. 54920(Beta) puede solucionar este problema. Se recomienda actualizar el componente afectado. Se contactó al proveedor con prontitud. Reaccionaron de manera muy profesional y proporcionaron una versión previa a la corrección para sus clientes.

27 Jan 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-27 17:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-0729

Mitre link : CVE-2025-0729

CVE.ORG link : CVE-2025-0729

JSON object : View

Products Affected

No product.

CWE

CWE-451

User Interface (UI) Misrepresentation of Critical Information

4.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2025-0729

4.3^/10

5.0^/10

Attach tags to `CVE-2025-0729`