Vulnerability Details : CVE-2023-28368
TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' use vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key. If the administrator is tricked into logging in to the fake device, the credential information for the affected device may be obtained.
Products affected by CVE-2023-28368
- cpe:2.3:o:tp-link:t2600g-28sq_firmware:20190530:*:*:*:*:*:*:*
- cpe:2.3:o:tp-link:t2600g-28sq_firmware:20200304:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-28368
- 0.04%: Probability of exploitation activity in the next 30 days
- ~12%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-28368
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.7 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.1 | 3.6 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-02-10 |
5.7 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.1 | 3.6 | NIST | |
CWE ids for CVE-2023-28368
- The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker. Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
References for CVE-2023-28368
- https://www.tp-link.com/en/support/download/t2600g-28sq/#Firmware
  Download for T2600G-28SQ | TP-Link (Product)
- https://jvn.jp/en/jp/JVN62420378/
  JVN#62420378: TP-Link T2600G-28SQ uses vulnerable SSH host keys (Third Party Advisory)