CVE-2023-43135

Опубликовано: 20 сент. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.

Ссылки

https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/unauthorized%20access/Unauthorized%20Access%20Vulnerability.md
Exploit
Third Party Advisory
https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/unauthorized%20access/Unauthorized%20Access%20Vulnerability.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tp-link:tl-er5120g_firmware:2.0.0:build_210817:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-er5120g:4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 26%

0.00091

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-hcgj-5w78-pg79

CVSS3: 9.8

github

больше 2 лет назад

BDU:2023-05959

CVSS3: 3.5

fstec