Authentication Bypass in TP-Link SG105PE Switch Firmware
CVE-2023-22303
9.8CRITICAL
Summary
The firmware of the TP-Link SG105PE switch, prior to version TL-SG105PE(UN) 1.0_1.0.0 Build 20221208, is susceptible to an authentication bypass flaw. This vulnerability allows an unauthorized attacker to impersonate an administrator, potentially leading to unauthorized access to sensitive information and the ability to modify important device settings. It is crucial for users to upgrade to the latest firmware version to mitigate the associated risks.
Affected Version(s)
TP-Link SG105PE firmware prior to 'TL-SG105PE(UN) 1.0_1.0.0 Build 20221208'
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved