A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low privileged user to change passwords of other users without any prior knowledge. The attacker may gain full access to the device by using this vulnerability.
References
Link | Resource |
---|---|
https://claroty.com/team82/disclosure-dashboard/cve-2023-2759 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: CERTVDE
Published: 2023-07-17T06:14:15.872Z
Updated: 2023-07-17T06:14:15.872Z
Reserved: 2023-05-17T14:21:49.140Z
Link: CVE-2023-2759
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-07-17T07:15:08.717
Modified: 2023-07-27T04:07:45.430
Link: CVE-2023-2759
JSON object: View
Redhat Information
No data.
CWE