Lucene search

[email protected]CVE-2023-22303

HistoryJan 17, 2023 - 10:15 a.m.

CVE-2023-22303

2023-01-1710:15:11

CWE-287

[email protected]

web.nvd.nist.gov

cve-2023-22303

tp-link

sg105pe

firmware

authentication bypass

vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.6%

JSON

TP-Link SG105PE firmware prior to ‘TL-SG105PE(UN) 1.0_1.0.0 Build 20221208’ contains an authentication bypass vulnerability. Under the certain conditions, an attacker may impersonate an administrator of the product. As a result, information may be obtained and/or the product’s settings may be altered with the privilege of the administrator.

Affected configurations

NVD

Node

tp-linktl-sg105pe_firmwareMatch1.0.0build_20221208

AND

tp-linktl-sg105peMatch1.0

CPENameOperatorVersion
tp-link:tl-sg105pe_firmwaretp-link tl-sg105pe firmwareeq1.0.0

CPE	Name	Operator	Version
tp-link:tl-sg105pe_firmware	tp-link tl-sg105pe firmware	eq	1.0.0

CNA Affected

[
  {
    "vendor": "TP-Link",
    "product": "TP-Link SG105PE",
    "versions": [
      {
        "version": "firmware prior to 'TL-SG105PE(UN) 1.0_1.0.0 Build 20221208'",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN78481846/index.html

www.tp-link.com/en/business-networking/easy-smart-switch/tl-sg105pe/

www.tp-link.com/jp/support/download/tl-sg105pe/v1/#Firmware

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.6%

JSON

Related for CVE-2023-22303

cvelist1 nvd1 jvn1 prion1