A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low privileged user to change passwords of other users without any prior knowledge. The attacker may gain full access to the device by using this vulnerability.
References
Link | Resource |
---|---|
https://claroty.com/team82/disclosure-dashboard/cve-2023-2759 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
02 Oct 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-863 |
27 Jul 2023, 04:07
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://claroty.com/team82/disclosure-dashboard/cve-2023-2759 - Third Party Advisory | |
First Time |
Taphome core Firmware
Taphome Taphome core |
|
CPE | cpe:2.3:o:taphome:core_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:taphome:core:-:*:*:*:*:*:*:* |
17 Jul 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-17 07:15
Updated : 2024-10-02 06:15
NVD link : CVE-2023-2759
Mitre link : CVE-2023-2759
CVE.ORG link : CVE-2023-2759
JSON object : View
Products Affected
taphome
- core_firmware
- core
CWE
CWE-863
Incorrect Authorization