CVE-2023-22303

Name of the Vulnerable Software and Affected Versions TP-Link SG105PE versions prior to 1.0 1.0.0 Build 20221208

Description The issue is related to an authentication bypass vulnerability in the firmware of TP-Link SG105PE switches. This vulnerability is associated with weaknesses in the authentication procedure, which can be exploited by a remote attacker to bypass the authentication process. Under certain conditions, an attacker may impersonate an administrator of the product, potentially allowing them to obtain information and/or alter the product's settings with administrative privileges.

Recommendations For versions prior to 1.0 1.0.0 Build 20221208, update the firmware to a version that is 1.0 1.0.0 Build 20221208 or later to resolve the issue. As a temporary workaround, consider restricting access to the switch's administrative interface until the update can be applied.