Published:2023/01/11 Last Updated:2023/01/11
JVN#78481846
TP-Link SG105PE vulnerable to authentication bypass
Overview
TP-Link SG105PE contains an authentication bypass vulnerability.
Products Affected
- TP-Link SG105PE firmware prior to "TL-SG105PE(UN) 1.0_1.0.0 Build 20221208"
Description
TP-Link SG105PE contains an authentication bypass vulnerability (CWE-287).
Impact
Under certain conditions, an attacker may impersonate an administrator of the product. As a result, information may be obtained and the product's settings may be altered with the privilege of the administrator.
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
This vulnerability has been addressed in the firmware "TL-SG105PE(UN) 1.0_1.0.0 Build 20221208".
Vendor Status
| Vendor | Link |
| TP-Link | TL-SG105PE V1 contents (Text in Japanese) |
| Easy Smart Switches | TL-SG105PE |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Base Score:
4.2
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
CVSS v2
AV:A/AC:M/Au:N/C:P/I:P/A:N
Base Score:
4.3
| Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) |
|---|---|---|---|
| Access Complexity(AC) | High (H) | Medium (M) | Low (L) |
| Authentication(Au) | Multiple (M) | Single (S) | None (N) |
| Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) |
| Integrity Impact(I) | None (N) | Partial (P) | Complete (C) |
| Availability Impact(A) | None (N) | Partial (P) | Complete (C) |
Credit
Baba Takao of BPS Co., Ltd reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2023-22303 |
| JVN iPedia |
JVNDB-2023-000003 |