3 matches found
CVE-2023-2759
A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low privileged user to change passwords of other users without any prior knowledge. The attacker may gain full access to the device by using this vulnerability...
CVE-2023-2759
A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low privileged user to change passwords of other users without any prior knowledge. The attacker may gain full access to the device by using this vulnerability...
CVE-2023-2759
TapHome core platform before version 2023.2 contains a hidden API vulnerability that lets an authenticated, low-privilege user change other users’ passwords, potentially giving full device access. This is documented across CVE-2023-2759 entries (NVD/Red Hat) and aligns with the vendor’s disclosur...