Unauthorized Access in TP-LINK ER5120G Router
CVE-2023-43135

9.8CRITICAL

Key Information:

Vendor: Tp-link
Status: Tl-er5120g Firmware
Vendor: CVE Published:; 20 September 2023

What is CVE-2023-43135?

An unauthorized access vulnerability exists in the TP-LINK ER5120G router, allowing attackers to gain sensitive information without requiring authentication. This flaw can lead to the exposure of user tokens, enabling unauthorized access to the backend management of the device. Consequently, attackers may exploit this vulnerability to manipulate device settings or access sensitive data. It is essential for users of the affected product to implement necessary security measures and follow best practices to mitigate potential risks.

References

https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 20, 2023
Vulnerability Reserved
Sep 18, 2023

Tp-link

What is CVE-2023-43135?

References

CVSS V3.1

Timeline