Attackers Can Escalate Privileges via Modification of 'tid' and 'usrlvl' Values in GET Requests
CVE-2023-43318

8.8HIGH

Key Information:

Vendor

TP-Link
Status
Tl-sg2210p Firmware
Vendor
CVE Published:
6 March 2024

What is CVE-2023-43318?

The TP-Link JetStream Smart Switch TL-SG2210P version 5.0 Build 20211201 has a vulnerability that allows attackers to escalate their privileges by modifying specific parameters in GET requests. This improper access control can lead to unauthorized actions within the network environment, posing significant risks to the integrity and security of sensitive data. Admins should review configuration settings and apply best practices for access controls to mitigate potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/str2ver/CVE-2023-43318/tree/main
https://seclists.org/fulldisclosure/2024/Mar/9
mailing-list
https://seclists.org/fulldisclosure/2024/Mar/9

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

JSON
.