Lucene search

[email protected]NVD:CVE-2023-43135

HistorySep 20, 2023 - 10:15 p.m.

CVE-2023-43135

2023-09-2022:15:13

CWE-862

[email protected]

web.nvd.nist.gov

unauthorized access

tp-link er5120g

sensitive information

authentication

user tokens

backend management

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.005

Percentile

76.5%

JSON

There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.

Affected configurations

Nvd

Node

tp-linktl-er5120g_firmwareMatch2.0.0build_210817

AND

tp-linktl-er5120gMatch4.0

VendorProductVersionCPE
tp-linktl-er5120g_firmware2.0.0cpe:2.3:o:tp-link:tl-er5120g_firmware:2.0.0:build_210817:*:*:*:*:*:*
tp-linktl-er5120g4.0cpe:2.3:h:tp-link:tl-er5120g:4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tp-link	tl-er5120g_firmware	2.0.0	cpe:2.3:o:tp-link:tl-er5120g_firmware:2.0.0:build_210817::::::
tp-link	tl-er5120g	4.0	cpe:2.3:h:tp-link:tl-er5120g:4.0:::::::*

References

github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/unauthorized%20access/Unauthorized%20Access%20Vulnerability.md

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.005

Percentile

76.5%

JSON

Related for NVD:CVE-2023-43135

vulnrichment1 cvelist1 cve1 prion1