92 matches found
A vulnerability in the firmware of the TP-Link JetStream TL-SG2210P switch stems from incorrect restriction of a path name to a restricted-access directory, allowing attackers to escalate their privileges.
A vulnerability in the firmware of the TP-Link JetStream TL-SG2210P switch is related to incorrect restriction of a path name to a restricted-access directory. Exploiting this vulnerability can allow a remote attacker to escalate their privileges...
BIT-NATS-2022-26652
NATS nats-server before 2.7.4 allows Directory Traversal with write access via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected...
CVE-2023-43318
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests...
Design/Logic Flaw
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests...
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 Privilege Escalation Vulnerability
Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC + twitter.com/striv3r; Vendor: Tp-Link (http://tp-link.com); Product: JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201; Vulnerability Type: Improper Access Control; Affected Product Code Base: JetStream Smart Switch - TL-SG2210P...
CVE-2023-43318
Summary: CVE-2023-43318 affects TP-Link JetStream Smart Switch TL-SG2210P (v5.0, Build 20211201). It affects the webconsole endpoints under usermanagement/swtmactablecfg, where privilege escalation is possible by modifying the GET parameters tid and usrlvl. The issue is described as Improper Access ...
TP-LINK JetStream Smart Switch TL-SG2210P Security Breach
The TP-LINK JetStream Smart Switch TL-SG2210P is a smart switch from China P&L TP-LINK. A security vulnerability exists in TP-LINK JetStream Smart Switch TL-SG2210P version 5.0 Build 20211201 that allows an attacker to elevate privileges by modifying the tid...
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 Privilege Escalation
Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC + twitter.com/striv3r; Vendor: Tp-Link (http://tp-link.com); Product: JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201; Vulnerability Type: Improper Access Control; Affected Product Code Base: JetStream Smart Switch - TL-SG2210P...
PT-2024-2151 · TP-Link · TP-Link JetStream Smart Switch TL-SG2210P
Name of the Vulnerable Software and Affected Versions: TP-Link JetStream Smart Switch TL-SG2210P version 5.0 Build 20211201. Description: The issue is related to improper access control, allowing attackers to escalate privileges via modification of the tid and usrlvl values in GET requests. This c...
jetstream-cloud.org Cross Site Scripting vulnerability OBB-2935222
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
GHSA-6H3M-36W8-HV68 Arbitrary file write in nats-server
This document is canonically: Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. JetStream is the optional RAFT-based resilient persistent feature of NATS. Problem Description The JetStream...
Arbitrary file write in nats-server
This document is canonically: Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. JetStream is the optional RAFT-based resilient persistent feature of NATS. Problem Description The JetStream...
CVE-2022-26652
NATS nats-server before 2.7.4 allows Directory Traversal with write access via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected...
Directory traversal
NATS nats-server before 2.7.4 allows Directory Traversal with write access via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected...
CVE-2022-26652
Summary: CVE-2022-26652 affects NATS nats-server (up to 2.7.3) and nats-streaming-server (up to 0.24.2). The issue is a directory traversal (“Zip Slip”) via an element in a ZIP archive used in JetStream streams, allowing potentially arbitrary file write. The root cause is insufficient sanitizatio...