Search criteria
3 vulnerabilities found for t2600g-28sq_firmware by tp-link
FKIE_CVE-2023-28368
Vulnerability from fkie_nvd - Published: 2023-04-11 09:15 - Updated: 2025-02-10 21:15
Severity ?
5.7 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.7 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.7 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential information for the affected device may be obtained.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | t2600g-28sq_firmware | 20190530 | |
| tp-link | t2600g-28sq_firmware | 20200304 | |
| tp-link | t2600g-28sq | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:t2600g-28sq_firmware:20190530:*:*:*:*:*:*:*",
"matchCriteriaId": "54026FF9-55C5-4501-B05C-0D6C8C6BC108",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tp-link:t2600g-28sq_firmware:20200304:*:*:*:*:*:*:*",
"matchCriteriaId": "D57EA613-F481-46AC-80C4-F851EC1C18CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:t2600g-28sq:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C69D673B-718C-47FB-AE3F-E503EFE4DBBD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TP-Link L2 switch T2600G-28SQ firmware versions prior to \u0027T2600G-28SQ(UN)_V1_1.0.6 Build 20230227\u0027 uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential information for the affected device may be obtained."
}
],
"id": "CVE-2023-28368",
"lastModified": "2025-02-10T21:15:15.867",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-11T09:15:08.247",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN62420378/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
],
"url": "https://www.tp-link.com/en/support/download/t2600g-28sq/#Firmware"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN62420378/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.tp-link.com/en/support/download/t2600g-28sq/#Firmware"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-1391"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2023-28368 (GCVE-0-2023-28368)
Vulnerability from cvelistv5 – Published: 2023-04-11 00:00 – Updated: 2025-02-10 20:54
VLAI?
Summary
TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential information for the affected device may be obtained.
Severity ?
5.7 (Medium)
CWE
- Use of weak credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Corporation Limited | T2600G-28SQ |
Affected:
firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227'
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tp-link.com/en/support/download/t2600g-28sq/#Firmware"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN62420378/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28368",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T20:52:43.588129Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391 Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T20:54:23.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "T2600G-28SQ",
"vendor": "TP-Link Corporation Limited",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to \u0027T2600G-28SQ(UN)_V1_1.0.6 Build 20230227\u0027"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TP-Link L2 switch T2600G-28SQ firmware versions prior to \u0027T2600G-28SQ(UN)_V1_1.0.6 Build 20230227\u0027 uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential information for the affected device may be obtained."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of weak credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.tp-link.com/en/support/download/t2600g-28sq/#Firmware"
},
{
"url": "https://jvn.jp/en/jp/JVN62420378/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-28368",
"datePublished": "2023-04-11T00:00:00.000Z",
"dateReserved": "2023-03-15T00:00:00.000Z",
"dateUpdated": "2025-02-10T20:54:23.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28368 (GCVE-0-2023-28368)
Vulnerability from nvd – Published: 2023-04-11 00:00 – Updated: 2025-02-10 20:54
VLAI?
Summary
TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential information for the affected device may be obtained.
Severity ?
5.7 (Medium)
CWE
- Use of weak credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Corporation Limited | T2600G-28SQ |
Affected:
firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227'
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tp-link.com/en/support/download/t2600g-28sq/#Firmware"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN62420378/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28368",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T20:52:43.588129Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391 Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T20:54:23.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "T2600G-28SQ",
"vendor": "TP-Link Corporation Limited",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to \u0027T2600G-28SQ(UN)_V1_1.0.6 Build 20230227\u0027"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TP-Link L2 switch T2600G-28SQ firmware versions prior to \u0027T2600G-28SQ(UN)_V1_1.0.6 Build 20230227\u0027 uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential information for the affected device may be obtained."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of weak credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.tp-link.com/en/support/download/t2600g-28sq/#Firmware"
},
{
"url": "https://jvn.jp/en/jp/JVN62420378/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-28368",
"datePublished": "2023-04-11T00:00:00.000Z",
"dateReserved": "2023-03-15T00:00:00.000Z",
"dateUpdated": "2025-02-10T20:54:23.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}