CVE-2023-2759
HIGH
TapHome core_firmware < 2023.2 - Authenticated Incorrect Authorization via Hidden API
Title source: llm
Description
A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low-privileged user to change passwords of other users without any prior knowledge. The attacker may gain full access to the device by using this vulnerability.
References (1)
Core References
Third Party Advisory
https://claroty.com/team82/disclosure-dashboard/cve-2023-2759
Scores
CVSS v3
8.8
EPSS
0.0046
EPSS Percentile
36.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-863
Status
published
Products (1)
taphome/core_firmware
< 2023.2
Published
Jul 17, 2023
Tracked Since
Feb 18, 2026