CVE-2023-28368

EPSS 0.04%
Veröffentlicht 11.04.2023 09:15:08
Zuletzt bearbeitet 10.02.2025 21:15:15
Quelle vultures@jpcert.or.jp
Teams Watchlist Login
Unerledigt Login

TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential information for the affected device may be obtained.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tp-link ≫ T2600g-28sq Firmware Version20190530

Tp-link ≫ T2600g-28sq Version1.0

Tp-link ≫ T2600g-28sq Firmware Version20200304

Tp-link ≫ T2600g-28sq Version1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.12

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.7	2.1	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.7	2.1	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-1391 Use of Weak Credentials

The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker.

https://jvn.jp/en/jp/JVN62420378/

Third Party Advisory

https://www.tp-link.com/en/support/download/t2600g-28sq/#Firmware

Product

https://nvd.nist.gov/vuln/detail/CVE-2023-28368

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-28368

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-28368

EUVD