JetStream Smart Switch - TL-SG2210P v5.0/ Improper Access Control / CVE-2023-43318
2024-3-3 08:54:22 Author: seclists.org(查看原文) 阅读量:35 收藏

fulldisclosure logo

Full Disclosure mailing list archives


From: Shaikh Shahnawaz <sshahnawaz99910 () gmail com>
Date: Fri, 1 Mar 2024 12:51:30 +0400

[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC
[+] twitter.com/_striv3r_

[Vendor]
Tp-Link (http://tp-link.com)


[Product]
JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201


[Vulnerability Type]
Improper Access Control


[Affected Product Code Base]
JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201


[Affected Component]
usermanagement, swtmactablecfg endpoints of webconsole


[CVE Reference]
CVE-2023-43318


[Security Issue]
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows
attackers to escalate privileges via modification of the 'tid' and 'usrlvl'
values in GET requests.


[Exploit/POC]
N/A


[Network Access]
Remote


[Severity]
High


[Disclosure Timeline]
Vendor Notification: September 12, 2023
Vendor released fixed firmware TL-SG2210P(UN)_V5.20_5.20.1 Build 20240202:
February 29, 2024
March 1, 2024 : Public Disclosure
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/


Current thread:

  • JetStream Smart Switch - TL-SG2210P v5.0/ Improper Access Control / CVE-2023-43318 Shaikh Shahnawaz (Mar 02)

文章来源: https://seclists.org/fulldisclosure/2024/Mar/9
如有侵权请联系:admin#unsafe.sh