// For flags

CVE-2023-43135

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.

Existe una vulnerabilidad de acceso no autorizado en TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, que permite a los atacantes obtener información sensible del dispositivo sin autenticación, obtener tokens de usuario y, en última instancia, iniciar sesión en la administración del backend del dispositivo.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-09-18 CVE Reserved
  • 2023-09-20 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-08-02 First Exploit
  • 2024-08-20 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-862: Missing Authorization
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Tp-link
Search vendor "Tp-link"
 Tl-er5120g Firmware
Search vendor "Tp-link" for product "Tl-er5120g Firmware"
 2.0.0
Search vendor "Tp-link" for product "Tl-er5120g Firmware" and version "2.0.0"
build_210817
Affected
in Tp-link
Search vendor "Tp-link"
 Tl-er5120g
Search vendor "Tp-link" for product "Tl-er5120g"
 4.0
Search vendor "Tp-link" for product "Tl-er5120g" and version "4.0"
-
Safe