CVE-2023-28368

EPSS 0.04%
Published 11.04.2023 09:15:08
Last modified 10.02.2025 21:15:15
Source vultures@jpcert.or.jp
Teams watchlist Login
Open Login

TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential information for the affected device may be obtained.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Tp-link ≫ T2600g-28sq Firmware Version20190530

Tp-link ≫ T2600g-28sq Version1.0

Tp-link ≫ T2600g-28sq Firmware Version20200304

Tp-link ≫ T2600g-28sq Version1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.12

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.7	2.1	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.7	2.1	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-1391 Use of Weak Credentials

The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker.

https://jvn.jp/en/jp/JVN62420378/

Third Party Advisory

https://www.tp-link.com/en/support/download/t2600g-28sq/#Firmware

Product

https://nvd.nist.gov/vuln/detail/CVE-2023-28368

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-28368

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-28368

EUVD