CVE-2023-43318

TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
tp-linktl-sg2210p_firmware
5.0:build_20211201
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/str2ver/CVE-2023-43318/tree/main
https://seclists.org/fulldisclosure/2024/Mar/9
https://seclists.org/fulldisclosure/2024/Mar/9
https://github.com/str2ver/CVE-2023-43318/tree/main
https://seclists.org/fulldisclosure/2024/Mar/9
https://seclists.org/fulldisclosure/2024/Mar/9