{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-43135", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2023-09-20T21:13:17.210802", "dateReserved": "2023-09-18T00:00:00", "datePublished": "2023-09-20T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-09-20T21:13:17.210802"}, "descriptions": [{"lang": "en", "value": "There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/unauthorized%20access/Unauthorized%20Access%20Vulnerability.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:tl-er5120g_firmware:2.0.0:build_210817:*:*:*:*:*:*", "matchCriteriaId": "A2B4D738-CDCE-4028-9E4D-79513861A6BD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:tl-er5120g:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "C7DB8458-AF43-4317-804C-378552E528A6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management."}, {"lang": "es", "value": "Existe una vulnerabilidad de acceso no autorizado en TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, que permite a los atacantes obtener informaci\u00f3n sensible del dispositivo sin autenticaci\u00f3n, obtener tokens de usuario y, en \u00faltima instancia, iniciar sesi\u00f3n en la administraci\u00f3n del backend del dispositivo."}], "id": "CVE-2023-43135", "lastModified": "2023-09-22T02:14:08.313", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-20T22:15:13.640", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/unauthorized%20access/Unauthorized%20Access%20Vulnerability.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}