Lucene search

[email protected]NVD:CVE-2023-22303

HistoryJan 17, 2023 - 10:15 a.m.

CVE-2023-22303

2023-01-1710:15:11

CWE-287

[email protected]

web.nvd.nist.gov

tp-link

sg105pe

firmware

authentication

bypass

vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.004

Percentile

72.3%

JSON

TP-Link SG105PE firmware prior to ‘TL-SG105PE(UN) 1.0_1.0.0 Build 20221208’ contains an authentication bypass vulnerability. Under the certain conditions, an attacker may impersonate an administrator of the product. As a result, information may be obtained and/or the product’s settings may be altered with the privilege of the administrator.

Affected configurations

Nvd

Node

tp-linktl-sg105pe_firmwareMatch1.0.0build_20221208

AND

tp-linktl-sg105peMatch1.0

VendorProductVersionCPE
tp-linktl-sg105pe_firmware1.0.0cpe:2.3:o:tp-link:tl-sg105pe_firmware:1.0.0:build_20221208:*:*:*:*:*:*
tp-linktl-sg105pe1.0cpe:2.3:h:tp-link:tl-sg105pe:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tp-link	tl-sg105pe_firmware	1.0.0	cpe:2.3:o:tp-link:tl-sg105pe_firmware:1.0.0:build_20221208::::::
tp-link	tl-sg105pe	1.0	cpe:2.3:h:tp-link:tl-sg105pe:1.0:::::::*

References

jvn.jp/en/jp/JVN78481846/index.html

www.tp-link.com/en/business-networking/easy-smart-switch/tl-sg105pe/

www.tp-link.com/jp/support/download/tl-sg105pe/v1/#Firmware

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.004

Percentile

72.3%

JSON

Related for NVD:CVE-2023-22303

cvelist1 cve1 jvn1 prion1