TL-SG1016DE security of changes value without any authentication.
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
TL-SG1016DE security of changes value without any authentication.
Model :
Hardware Version :
Firmware Version :
ISP :
Hardware Version TL-SG1016DE 2.0
Firmware Version 1.0.1 Build 20151218 Rel.58739
I have this device, and try configure by URL request like:
Create VLAN=314, and add ports 1,16 to it VLAN can do it by this url:
http://192.168.0.1/vlan_8021q_based_set.cgi?qvlanid=314&qvlanname=Atest314&tag_1=1&tag_2=2&tag_3=2&tag_4=2&tag_5=2&tag_6=2&tag_7=2&tag_8=2&tag_9=2&tag_10=2&tag_11=2&tag_12=2&tag_13=2&tag_14=2&tag_15=2&tag_16=0&addModify=+Add%2FModify+
And it work, without any authentication.
It good for me as administrator I can by "wget" command configure easy smart switch.
By this url anybody in local net can configure this switch.
How I can protect my device ?
Login required for access to http://192.168.0.1/ gui of switch root page only?
Hardware Version :
Firmware Version :
ISP :
Hardware Version TL-SG1016DE 2.0
Firmware Version 1.0.1 Build 20151218 Rel.58739
I have this device, and try configure by URL request like:
Create VLAN=314, and add ports 1,16 to it VLAN can do it by this url:
http://192.168.0.1/vlan_8021q_based_set.cgi?qvlanid=314&qvlanname=Atest314&tag_1=1&tag_2=2&tag_3=2&tag_4=2&tag_5=2&tag_6=2&tag_7=2&tag_8=2&tag_9=2&tag_10=2&tag_11=2&tag_12=2&tag_13=2&tag_14=2&tag_15=2&tag_16=0&addModify=+Add%2FModify+
And it work, without any authentication.
It good for me as administrator I can by "wget" command configure easy smart switch.
By this url anybody in local net can configure this switch.
How I can protect my device ?
Login required for access to http://192.168.0.1/ gui of switch root page only?
http://lexxai.pp.ua