Lucene search

K
vulnrichmentCERT-InVULNRICHMENT:CVE-2024-10523
HistoryNov 04, 2024 - 12:00 p.m.

CVE-2024-10523 Information Disclosure Vulnerability in TP-Link IoT Smart Hub

2024-11-0412:00:05
CWE-312
CERT-In
github.com
3
tp-link
iot smart hub
information disclosure
wi-fi credentials
plain text
firmware
physical access
exploit

CVSS4

4.4

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/SC:N/VI:L/SI:N/VA:L/SA:N

AI Score

6.6

Confidence

Low

EPSS

0

Percentile

11.4%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device.

CVSS4

4.4

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/SC:N/VI:L/SI:N/VA:L/SA:N

AI Score

6.6

Confidence

Low

EPSS

0

Percentile

11.4%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

Related for VULNRICHMENT:CVE-2024-10523