cvedb.io
CVE-2026-34127
MEDIUM · CVSS 4.8
EPSS exploitation probability: 0%
Published 2026-05-29T20:16:22.607 · Last modified 2026-06-17T10:38:34.633

Summary

A stored cross-site scripting (XSS) vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitation of the SYSNAM configuration parameter during configuration file import. An attacker with administrator access can inject malicious script into the device configuration, which may be stored and executed in the administrator’s browser when the affected interface is viewed.     Successful exploitation may allow session cookie theft, unauthorized configuration changes, or access to sensitive information exposed through the management interface.

Affected products

tp-link — tl-sg108pe_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when tp-link ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.