cbcvebase.
CVE-2019-16893
published 2020-02-03

CVE-2019-16893: The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request.

PriorityP268high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EXPLOIT
EPSS
37.82%
98.4th percentile
The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request.

Affected

1 ranges
VendorProductVersion rangeFixed in
tp-linktp-sg105e_firmware

Detection & IOCsextracted from sources · hover to see the quote

url/reboot.cgi
commandcurl -d "reboot_op=reboot" -X POST http://192.168.1.10/reboot.cgi
  • Alert on any HTTP POST to the path /reboot.cgi on TP-Link TL-SG105E web management interfaces (typically on LAN/management network), especially from unauthenticated sources.
  • ·The exploit targets TP-Link TP-SG105E V4 firmware version 1.0.0 Build 20181120 specifically; patched firmware (1.0.0 Build 20200119 rel.52079) restricts access to the internal API and is not vulnerable.
  • ·The vulnerable endpoint is part of the device's web management interface; if the management interface is exposed beyond the local network, the attack surface is significantly increased.

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.