zdt | Shahnawaz Shaikh | 1337DAY-ID-39414
History: Mar 05, 2024 - 12:00 a.m.

TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 Privilege Escalation Vulnerability

2024-03-05 00:00:00
Shahnawaz Shaikh
0day.today
Tags: tp-link, jetstream, smart switch, tl-sg2210p, privilege escalation, improper access control, usermanagement, swtmactablecfg endpoints, cve-2023-43318, high severity

CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.2 High (Confidence: Low)
EPSS: 0.001 Low (Percentile: 24.6%)

[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC
[+] twitter.com/_striv3r_

[Vendor]
TP-Link (http://tp-link.com)


[Product]
JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201


[Vulnerability Type]
Improper Access Control


[Affected Product Code Base]
JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201


[Affected Component]
usermanagement, swtmactablecfg endpoints of webconsole


[CVE Reference]
CVE-2023-43318


[Security Issue]
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows
attackers to escalate privileges via modification of the 'tid' and 'usrlvl'
values in GET requests.


[Severity]
High


[Disclosure Timeline]
Vendor Notification: September 12, 2023
Vendor released fixed firmware TL-SG2210P(UN)_V5.20_5.20.1 Build 20240202: February 29, 2024
Public Disclosure: March 1, 2024
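
A defender-side check for the tampering described under [Security Issue], as an added example that is not part of the original advisory: it scans web or proxy access logs for GET requests to the usermanagement and swtmactablecfg endpoints and flags any tid seen with more than one usrlvl value or from more than one client. The log layout, the /example/ paths, all sample values, and the premise that tid identifies a session whose usrlvl stays constant are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter names come from the advisory; the log layout is assumed.
ENDPOINTS = ("usermanagement", "swtmactablecfg")
LINE_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]*\] "GET (?P<url>\S+) [^"]*"')

# Constructed sample lines (common log format); paths and values are placeholders.
SAMPLE_LOG = """\
10.0.0.5 - - [05/Mar/2024:10:00:01 +0000] "GET /example/usermanagement?tid=aaa111&usrlvl=1 HTTP/1.1" 200 512
10.0.0.5 - - [05/Mar/2024:10:00:09 +0000] "GET /example/swtmactablecfg?tid=aaa111&usrlvl=1 HTTP/1.1" 200 734
10.0.0.9 - - [05/Mar/2024:10:02:13 +0000] "GET /example/usermanagement?tid=bbb222&usrlvl=1 HTTP/1.1" 200 512
10.0.0.9 - - [05/Mar/2024:10:02:40 +0000] "GET /example/usermanagement?tid=bbb222&usrlvl=3 HTTP/1.1" 200 512
10.0.0.7 - - [05/Mar/2024:10:03:02 +0000] "GET /example/swtmactablecfg?tid=aaa111&usrlvl=1 HTTP/1.1" 200 734
10.0.0.7 - - [05/Mar/2024:10:03:05 +0000] "GET /example/index.html HTTP/1.1" 200 90
"""

def find_tampering(log_text):
    """Return sorted (reason, tid, observed values) findings for the two endpoints."""
    levels_by_tid = defaultdict(set)   # tid -> usrlvl values seen with it
    sources_by_tid = defaultdict(set)  # tid -> client addresses presenting it
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("url"))
        if not any(name in url.path for name in ENDPOINTS):
            continue
        query = parse_qs(url.query)
        for tid in query.get("tid", []):
            sources_by_tid[tid].add(m.group("src"))
            levels_by_tid[tid].update(query.get("usrlvl", []))
    findings = []
    for tid, levels in levels_by_tid.items():
        if len(levels) > 1:  # assumed invariant broken: usrlvl changed for one tid
            findings.append(("usrlvl-changed", tid, sorted(levels)))
    for tid, sources in sources_by_tid.items():
        if len(sources) > 1:  # same tid presented by different clients
            findings.append(("tid-shared", tid, sorted(sources)))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_tampering(SAMPLE_LOG):
        print(finding)
```

Clients behind NAT or a shared proxy will trigger the tid-shared finding without any tampering, so treat it as a lead to correlate with the usrlvl-changed finding rather than as proof.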
