CVE-2026-34127

Published: Mag 29, 2026 Last Modified: Mag 29, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,3
Source: f23511db-6c3e-4e32-a477-6aa17d310630
Attack Vector: adjacent
Attack Complexity: low
Privileges Required: high
User Interaction: passive
Confidentiality: N/A
Integrity: N/A
Availability: N/A

Description

AI Translation Available

A stored
cross-site scripting (XSS) vulnerability has been identified in the web
management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitation of the SYSNAM
configuration parameter during configuration file import. An attacker with
administrator access can inject malicious script into the device configuration,
which may be stored and executed in the administrator’s browser when the
affected interface is viewed.    

Successful
exploitation may allow session cookie theft, unauthorized configuration
changes, or access to sensitive information exposed through the management
interface.

79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control Confidentiality Integrity Availability
Potential Impacts:
Bypass Protection Mechanism Read Application Data Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies: AI/ML, Web Based, Web Server
Likelihood of Exploit: High
View CWE Details
https://www.tp-link.com/en/support/download/tl-sg108pe/v5/#…
https://www.tp-link.com/en/support/download/tl-sg108pe/v5/#Firmware
https://www.tp-link.com/us/support/download/tl-sg108pe/v5/#…
https://www.tp-link.com/us/support/download/tl-sg108pe/v5/#Firmware
https://www.tp-link.com/us/support/faq/5110/
https://www.tp-link.com/us/support/faq/5110/