github - ghsa-j36r-7x95-563x

ghsa-j36r-7x95-563x

Vulnerability from github

Published

2023-02-21 12:30

Modified

2023-03-02 18:30

Severity ?

6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

A vulnerability was found in TP-Link Archer C50 V2_160801. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221552.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-0936"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-404"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-21T10:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in TP-Link Archer C50 V2_160801. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221552.",
  "id": "GHSA-j36r-7x95-563x",
  "modified": "2023-03-02T18:30:31Z",
  "published": "2023-02-21T12:30:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0936"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.221552"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.221552"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2023-0936

Vulnerability from cvelistv5

Published

2023-02-21 09:24

Modified

2024-08-02 05:32

Severity ?

6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

▼	URL	Tags
	https://vuldb.com/?id.221552	vdb-entry, technical-description, exploit
	https://vuldb.com/?ctiid.221552	signature

Impacted products

Vendor

Product

Version

▼

TP-Link

Archer C50

Version: V2_160801

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:32:45.158Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "exploit",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.221552"
          },
          {
            "tags": [
              "signature",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.221552"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Web Management Interface"
          ],
          "product": "Archer C50",
          "vendor": "TP-Link",
          "versions": [
            {
              "status": "affected",
              "version": "V2_160801"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "analyst",
          "value": "a2ure (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in TP-Link Archer C50 V2_160801. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221552."
        },
        {
          "lang": "de",
          "value": "Eine problematische Schwachstelle wurde in TP-Link Archer C50 V2_160801 ausgemacht. Dies betrifft einen unbekannten Teil der Komponente Web Management Interface. Dank Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.1,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-404",
              "description": "CWE-404 Denial of Service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-20T21:33:29.352Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description",
            "exploit"
          ],
          "url": "https://vuldb.com/?id.221552"
        },
        {
          "tags": [
            "signature"
          ],
          "url": "https://vuldb.com/?ctiid.221552"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-02-21T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-02-21T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2023-02-21T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-03-27T22:56:50.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "TP-Link Archer C50 Web Management Interface denial of service"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2023-0936",
    "datePublished": "2023-02-21T09:24:29.992Z",
    "dateReserved": "2023-02-21T09:22:35.190Z",
    "dateUpdated": "2024-08-02T05:32:45.158Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted