exploitDog

CVE-2024-10523

Опубликовано: 04 нояб. 2024

Источник: nvd

CVSS3: 4.6

EPSS Низкий

Описание

This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device.

Ссылки

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0331
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tp-link:tapo_h100_firmware:*:*:*:*:*:*:*:*

Версия до 1.5.22 (исключая)

cpe:2.3:h:tp-link:tapo_h100:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 13%

0.00043

Низкий

4.6 Medium

CVSS3

Дефекты

CWE-312

Связанные уязвимости

GHSA-rhh2-f22c-xh7f

CVSS3: 4.6

github

больше 1 года назад

This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device.

EPSS

Процентиль: 13%

0.00043

Низкий

4.6 Medium

CVSS3

Дефекты

CWE-312