CVE-2023-43318
HIGHTP-Link JetStream Smart Switch TL-SG2210P 5.0 - Privilege Escalation
Title source: llmDescription
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests.
Exploits (1)
References (3)
Core 3
Core References
Mailing List
http://seclists.org/fulldisclosure/2024/Mar/9
Mailing List, Third Party Advisory mailing-list
https://seclists.org/fulldisclosure/2024/Mar/9
Scores
CVSS v3
8.8
EPSS
0.0050
EPSS Percentile
66.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-284
Status
published
Products (1)
tp-link/tl-sg2210p_firmware
5.0 build_20211201
Published
Mar 06, 2024
Tracked Since
Feb 18, 2026