Lucene search

[email protected]NVD:CVE-2023-23040

HistoryFeb 22, 2023 - 5:15 p.m.

CVE-2023-23040

2023-02-2217:15:12

CWE-327

[email protected]

web.nvd.nist.gov

tp-link

authentication

vulnerability

md5

deprecated

password

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.004 Low

EPSS

Percentile

75.0%

JSON

TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication.

Affected configurations

NVD

Node

tp-linktl-wr940n_firmwareMatch6_3.19.1180119

AND

tp-linktl-wr940nMatch-

References

midist0xf.medium.com/tl-wr940n-uses-weak-md5-hashing-algorithm-ae7b589860d2

www.tp-link.com/en/support/download/tl-wr940n/#Firmware

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.004 Low

EPSS

Percentile

75.0%

JSON

Related for NVD:CVE-2023-23040

prion1 cvelist1 cve1