CVE-2023-28368

MEDIUM

TP-Link L2 switch T2600G-28SQ <V1_1.0.6 Build 20230227 - Open Redirect

Title source: llm

Description

TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential information for the affected device may be obtained.

References (2)

[Third Party Advisory] https://jvn.jp/en/jp/JVN62420378/

[Product] https://www.tp-link.com/en/support/download/t2600g-28sq/#Firmware

Scores

CVSS v3 5.7

EPSS 0.0010

EPSS Percentile 26.4%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1391

Status published

Products (2)

tp-link/t2600g-28sq_firmware 20190530

tp-link/t2600g-28sq_firmware 20200304

Published Apr 11, 2023

Tracked Since Feb 18, 2026