Volerion logoVolerion
Volerion logoVolerion

TP-Link TL-SG108PE V5 Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE V5 switch. This vulnerability arises from improper sanitation of the SYSNAM configuration parameter during the import of configuration files. An attacker with administrator access can inject malicious scripts into the device's configuration, which may be executed in the administrator's browser when the affected interface is accessed. Exploitation of this vulnerability could lead to session cookie theft, unauthorized configuration changes, or access to sensitive information through the management interface.

Impact

Successful exploitation allows for session cookie theft, unauthorized configuration changes, and access to sensitive information via the management interface.

Remediation

Users are advised to update their devices to the latest firmware version 1.0.1 Build 20260330, available on the TP-Link official website.

Added: May 29, 2026, 8:19 PM
Updated: May 29, 2026, 8:19 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
5.4
exploitability
2.8
remediation
0.0
relevance
9.7
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.