CVE-2023-2759

A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low privileged user to change passwords of other users without any prior knowledge. The attacker may gain full access to the device by using this vulnerability.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:taphome:core_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:taphome:core:-:*:*:*:*:*:*:*

History

02 Oct 2024, 06:15

Type Values Removed Values Added
CWE CWE-287 CWE-863

27 Jul 2023, 04:07

Type Values Removed Values Added
References (MISC) https://claroty.com/team82/disclosure-dashboard/cve-2023-2759 - (MISC) https://claroty.com/team82/disclosure-dashboard/cve-2023-2759 - Third Party Advisory
First Time Taphome core Firmware
Taphome
Taphome core
CPE cpe:2.3:o:taphome:core_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:taphome:core:-:*:*:*:*:*:*:*

17 Jul 2023, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-17 07:15

Updated : 2024-10-02 06:15


NVD link : CVE-2023-2759

Mitre link : CVE-2023-2759

CVE.ORG link : CVE-2023-2759


JSON object : View

Products Affected

taphome

  • core_firmware
  • core
CWE
CWE-863

Incorrect Authorization