Source: packetstorm | Author: Shahnawaz Shaikh | ID: PACKETSTORM:177411
Date: Mar 04, 2024 - 12:00 a.m.

TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 Privilege Escalation

Site: packetstormsecurity.com

Tags: tp-link, jetstream smart switch, improper access control, privilege escalation, webconsole, cve-2023-43318, remote, high severity, firmware update, disclosure timeline

AI Score: 7.4 High (Confidence: Low)

EPSS: 0.001 Low (Percentile: 25.0%)

`[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC  
[+] twitter.com/_striv3r_  
  
[Vendor]  
TP-Link (http://tp-link.com)  
  
  
[Product]  
JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201  
  
  
[Vulnerability Type]  
Improper Access Control  
  
  
[Affected Product Code Base]  
JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201  
  
  
[Affected Component]  
usermanagement, swtmactablecfg endpoints of webconsole  
  
  
[CVE Reference]  
CVE-2023-43318  
  
  
[Security Issue]  
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows  
attackers to escalate privileges via modification of the 'tid' and 'usrlvl'  
values in GET requests.  
  
  
[Exploit/POC]  
N/A  
  
  
[Network Access]  
Remote  
  
  
[Severity]  
High  
  
  
[Disclosure Timeline]  
September 12, 2023: Vendor Notification  
February 29, 2024: Vendor released fixed firmware TL-SG2210P(UN)_V5.20_5.20.1 Build 20240202  
March 1, 2024: Public Disclosure  
  
`
