NVD脆弱性詳細

Exploit、PoC検索

NVD脆弱性検索トップ

->

NVD脆弱性詳細

CVE-2026-34127

概要	A stored cross-site scripting (XSS) vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitation of the SYSNAM configuration parameter during configuration file import. An attacker with administrator access can inject malicious script into the device configuration, which may be stored and executed in the administrator’s browser when the affected interface is viewed. Successful exploitation may allow session cookie theft, unauthorized configuration changes, or access to sensitive information exposed through the management interface.
公表日	2026年5月30日5:16
登録日	2026年5月31日4:15
最終更新日	2026年5月30日5:25

関連情報、対策とツール

No	URL	refsource	タグ
1	https://www.tp-link.com/en/support/download/tl-sg108pe/v5/#Firmware	f23511db-6c3e-4e32-a477-6aa17d310630
2	https://www.tp-link.com/us/support/download/tl-sg108pe/v5/#Firmware	f23511db-6c3e-4e32-a477-6aa17d310630
3	https://www.tp-link.com/us/support/faq/5110/	f23511db-6c3e-4e32-a477-6aa17d310630

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html