Vulnerability-Lookup - Search a vulnerability

All the vulnerabilites related to TP-Link Corporation Limited - T2600G-28SQ

cve-2023-28368

Vulnerability from cvelistv5

Published

2023-04-11 00:00

Modified

2024-08-02 12:38

Severity ?

Summary

TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential information for the affected device may be obtained.

References

▼	URL	Tags
	https://www.tp-link.com/en/support/download/t2600g-28sq/#Firmware
	https://jvn.jp/en/jp/JVN62420378/

Impacted products

▼	Vendor	Product
	TP-Link Corporation Limited	T2600G-28SQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:38:25.201Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tp-link.com/en/support/download/t2600g-28sq/#Firmware"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN62420378/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "T2600G-28SQ",
          "vendor": "TP-Link Corporation Limited",
          "versions": [
            {
              "status": "affected",
              "version": "firmware versions prior to \u0027T2600G-28SQ(UN)_V1_1.0.6 Build 20230227\u0027"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "TP-Link L2 switch T2600G-28SQ firmware versions prior to \u0027T2600G-28SQ(UN)_V1_1.0.6 Build 20230227\u0027 uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential information for the affected device may be obtained."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use of weak credentials",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-11T00:00:00",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.tp-link.com/en/support/download/t2600g-28sq/#Firmware"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN62420378/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-28368",
    "datePublished": "2023-04-11T00:00:00",
    "dateReserved": "2023-03-15T00:00:00",
    "dateUpdated": "2024-08-02T12:38:25.201Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}