PT-2024-2151 · Tp Link · Tp-Link Jetstream Smart Switch Tl-Sg2210P
Shaikh Shahnawaz · Published 2024-03-02 · Updated 2024-08-01 · CVE-2023-43318
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
TP-Link JetStream Smart Switch TL-SG2210P version 5.0 Build 20211201
Description
The issue is related to improper access control, allowing attackers to escalate privileges via modification of the tid and usrlvl values in GET requests. This can enable a remote attacker to gain elevated access.
Recommendations
For TP-Link JetStream Smart Switch TL-SG2210P version 5.0 Build 20211201, as a temporary workaround, consider restricting access to the vulnerable API endpoints that accept tid and usrlvl parameters in GET requests until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Access Control
Path traversal
Related Identifiers
Affected Products
Tp-Link Jetstream Smart Switch Tl-Sg2210P
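While access to the endpoints named under Recommendations is being restricted, logs can be reviewed for GET requests that carry tid and usrlvl. The script below is an added example, not part of the advisory or of TP-Link's software: it flags clients outside an admin allowlist and any tid that appears with more than one usrlvl value. It assumes a logging reverse proxy in front of the switch's web interface writing common log format, and that a legitimate session keeps one usrlvl per tid; the log lines, paths and addresses are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample: access-log lines as a reverse proxy in front of the switch
# web UI might write them. Addresses, paths and parameter values are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [02/Mar/2024:09:14:01 +0000] "GET /example/status?tid=aaa111&usrlvl=1 HTTP/1.1" 200 512
192.0.2.10 - - [02/Mar/2024:09:14:09 +0000] "GET /example/ports?tid=aaa111&usrlvl=1 HTTP/1.1" 200 730
192.0.2.10 - - [02/Mar/2024:09:14:30 +0000] "GET /example/users?tid=aaa111&usrlvl=3 HTTP/1.1" 200 1190
198.51.100.7 - - [02/Mar/2024:09:20:02 +0000] "GET /example/status?tid=bbb222&usrlvl=3 HTTP/1.1" 200 512
192.0.2.11 - - [02/Mar/2024:09:21:00 +0000] "GET /example/logo.png HTTP/1.1" 200 4096
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) HTTP/[\d.]+" \d{3}')


def parse_line(line):
    """Return (client, tid, usrlvl) for a GET carrying tid or usrlvl, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "tid" not in query and "usrlvl" not in query:
        return None
    return client, query.get("tid", [""])[-1], query.get("usrlvl", [""])[-1]


def review(log_text, admin_hosts):
    """Return (clients outside admin_hosts, {tid: usrlvl values} where a tid has several)."""
    levels = defaultdict(set)  # tid -> usrlvl values observed with it
    outsiders = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        client, tid, usrlvl = rec
        if client not in admin_hosts:
            outsiders.add(client)
        # Assumption: one session (tid) should not change privilege level.
        levels[tid].add(usrlvl)
    changed = {tid: sorted(v) for tid, v in levels.items() if len(v) > 1}
    return sorted(outsiders), changed


if __name__ == "__main__":
    outsiders, changed = review(SAMPLE_LOG, admin_hosts={"192.0.2.10"})
    print("clients outside the admin allowlist:", outsiders)
    print("tid values seen with more than one usrlvl:", changed)
```

A hit on either list is a lead for investigation rather than proof of exploitation, since the switch's normal use of these parameters is not described in the advisory.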