CVE-2026-34127
Awaiting Analysis Awaiting Analysis - Queue
Stored XSS in TP-Link TL-SG108PE v5 Switch

Publication date: 2026-05-29

Last updated on: 2026-05-29

Assigner: TPLink

Description
A stored cross-site scripting (XSS) vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitation of the SYSNAM configuration parameter during configuration file import. An attacker with administrator access can inject malicious script into the device configuration, which may be stored and executed in the administrator’s browser when the affected interface is viewed.Β  Β Β  Successful exploitation may allow session cookie theft, unauthorized configuration changes, or access to sensitive information exposed through the management interface.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-29
Last Modified
2026-05-29
Generated
2026-05-30
AI Q&A
2026-05-29
EPSS Evaluated
N/A
NVD
CVE-2026-34127
EUVD
EUVD-2026-33420
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
tp-link tl-sg108pe to 5.6 (inc)
tp-link tl-sg108pe From 1.0.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a stored cross-site scripting (XSS) issue found in the web management interface of the TP-Link TL-SG108PE version 5 switch. It occurs because the SYSNAM configuration parameter is not properly sanitized during the import of configuration files. An attacker who has administrator access can inject malicious scripts into the device's configuration. These scripts are then stored and executed in the administrator's browser when they view the affected interface.


How can this vulnerability impact me? :

Exploiting this vulnerability can allow an attacker to steal session cookies, make unauthorized configuration changes, or gain access to sensitive information exposed through the device's management interface.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this vulnerability involves checking the firmware version of the TP-Link TL-SG108PE v5 switch to see if it is vulnerable. Specifically, versions prior to TL-SG108PE(UN)_V5_1.0.1 Build 20260330 are affected.

Since the vulnerability is related to improper sanitization of the SYSNAM configuration parameter during configuration file import, reviewing the configuration files for suspicious or unexpected script content in the SYSNAM parameter may help detect exploitation.

There are no specific commands provided in the resources to detect the vulnerability directly on the device or network.


What immediate steps should I take to mitigate this vulnerability?

The immediate and recommended mitigation step is to upgrade the TP-Link TL-SG108PE v5 switch firmware to version TL-SG108PE(UN)_V5_1.0.1 Build 20260330 or later.

This firmware update fixes the vulnerability by updating validation rules for the Device Description field, restricting input to only numbers, letters, and hyphens, and preventing leading or trailing hyphens.

Until the firmware is updated, limit administrator access to trusted users only, as exploitation requires administrator privileges.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart