Skip to main content

TP-Link TL-SG108PE CVE-2026-34127

| EUVDEUVD-2026-33420 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-05-29 TPLink GHSA-pmw4-462f-6fp3
5.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:H/SC:L/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:H/SC:L/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
High
User Interaction
P
Scope
X

Lifecycle Timeline

3
Analysis Generated
May 29, 2026 - 21:52 vuln.today
CVSS changed
May 29, 2026 - 20:22 NVD
5.3 (MEDIUM)
CVE Published
May 29, 2026 - 18:59 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

A stored cross-site scripting (XSS) vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitation of the SYSNAM configuration parameter during configuration file import. An attacker with administrator access can inject malicious script into the device configuration, which may be stored and executed in the administrator’s browser when the affected interface is viewed.

Successful exploitation may allow session cookie theft, unauthorized configuration changes, or access to sensitive information exposed through the management interface.

AnalysisAI

Stored XSS in the TP-Link TL-SG108PE v5 web management interface allows an authenticated administrator on an adjacent network to inject persistent malicious script via the SYSNAM configuration parameter during a config file import operation. The injected payload is stored on the device and executes in any administrator's browser upon viewing the affected management page, enabling session cookie theft, unauthorized configuration changes, or exposure of sensitive management-plane data. No public exploit code has been identified at time of analysis, and CISA SSVC assessment rates exploitation as none and not automatable, consistent with the high privilege and adjacency prerequisites.

Technical ContextAI

The affected product is the TP-Link TL-SG108PE v5 managed gigabit switch (CPE: cpe:2.3:a:tp-link_systems_inc.:tl-sg108pe_v5:*:*:*:*:*:*:*:*), which exposes an HTTP-based web management interface for device administration. The root cause is CWE-79 (Improper Neutralization of Input During Web Page Generation - Stored XSS): the SYSNAM field within an imported configuration file is not properly sanitized or encoded before being written to persistent storage and subsequently rendered in the management UI. Because the payload is stored rather than reflected, it does not require repeated delivery and persists across sessions until the device is reconfigured or patched. The attack surface is the configuration import feature of the management interface, a privileged operation, which means the injection vector is gated behind an authenticated admin session on an adjacent network segment.

RemediationAI

The primary fix is to upgrade the TL-SG108PE v5 firmware to version 1.0.1 Build 260330 or later, which is confirmed available from the TP-Link vendor advisory at https://www.tp-link.com/us/support/faq/5110/ and downloadable from https://www.tp-link.com/us/support/download/tl-sg108pe/v5/#Firmware or the international mirror https://www.tp-link.com/en/support/download/tl-sg108pe/v5/#Firmware. Until patching is complete, the following compensating controls reduce exposure: restrict access to the switch management interface to a dedicated, isolated out-of-band management VLAN accessible only to trusted administrator workstations; disable configuration file import functionality if it is not operationally required (note: disabling this feature may limit disaster recovery options); enforce multi-factor authentication or session timeouts on administrator accounts to reduce the window of value for stolen session cookies. These mitigations do not eliminate the vulnerability but substantially raise the bar for exploitation given the existing adjacency and high-privilege prerequisites.

CVE-2015-3035 HIGH POC
7.5 Apr 22

Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before

CVE-2013-2578 CRITICAL POC
10.0 Oct 11

cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models be

CVE-2021-41653 CRITICAL POC
9.8 Nov 13

The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to r

CVE-2022-25061 CRITICAL POC
9.8 Feb 25

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_set

CVE-2015-3036 CRITICAL POC
10.0 May 21

Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in c

CVE-2012-5687 HIGH POC
7.8 Nov 01

Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13

CVE-2022-25060 CRITICAL POC
9.8 Feb 25

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_sta

CVE-2025-9377 HIGH
8.6 Aug 29

TP-Link Archer C7 and TL-WR841N routers contain an authenticated remote command execution vulnerability in the Parental

CVE-2024-57049 CRITICAL POC
9.8 Feb 18

A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized indi

CVE-2017-13772 HIGH POC
8.8 Oct 23

Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated

CVE-2022-25064 CRITICAL POC
9.8 Feb 25

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the functio

CVE-2022-30075 HIGH POC
8.8 Jun 09

In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote

Share

CVE-2026-34127 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy