CVE-2023-2759

Published: Jul 17, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: info@cert.vde.com (Secondary)

Description

A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low privileged user to change passwords of other users without any prior knowledge. The attacker may gain full access to the device by using this vulnerability.

Affected (1)

Products: Taphome: Core Firmware

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Taphome Core Firmware	Before 2023.2

Running on/with	Platform Versions
Taphome Core	All versions

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://claroty.com/team82/disclosure-dashboard/cve-2023-2759

Source: info@cert.vde.com

Third Party Advisory

https://claroty.com/team82/disclosure-dashboard/cve-2023-2759

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.