CVE-2014-7279

CRITICAL

Konke Smart Plug K - Info Disclosure

Title source: llm

Description

The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23.

Exploits (1)

exploitdb WRITEUP
by gamehacker · textremotehardware
https://www.exploit-db.com/exploits/35103

References (1)

Scores

CVSS v3 9.8
EPSS 0.5790
EPSS Percentile 98.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-264
Status published
Products (1)
kankunit/konke_smart_plug_firmware k
Published Mar 23, 2017
Tracked Since Feb 18, 2026