CVE-2023-43318

HIGH

TP-Link JetStream Smart Switch TL-SG2210P 5.0 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-43318. PoCs published by str2ver.

AI-analyzed exploit summary The repository provides a detailed technical writeup for CVE-2023-43318, an improper access control vulnerability in TP-Link JetStream Smart Switch TL-SG2210P v5.0. The vulnerability allows privilege escalation by manipulating 'tid' and 'usrlvl' values in GET requests to admin-level endpoints.

Description

TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests.

Exploits (1)

nomisec WRITEUP
by str2ver · poc
https://github.com/str2ver/CVE-2023-43318

The repository provides a detailed technical writeup for CVE-2023-43318, an improper access control vulnerability in TP-Link JetStream Smart Switch TL-SG2210P v5.0. The vulnerability allows privilege escalation by manipulating 'tid' and 'usrlvl' values in GET requests to admin-level endpoints.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: TP-Link JetStream Smart Switch TL-SG2210P v5.0 Build 20211201
Auth required
Prerequisites: Access to a lower-privileged user account · Valid token ID
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 8.8
EPSS 0.0114
EPSS Percentile 62.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-284
Status published
Products (1)
tp-link/tl-sg2210p_firmware 5.0 build_20211201
Published Mar 06, 2024
Tracked Since Feb 18, 2026