Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-28368

TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential information for the affected device may be obtained.

Published

2023-04-11T09:15:08.247

Last Modified

2025-02-10T21:15:15.867

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.7 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-1391

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	tp-link	t2600g-28sq_firmware	20190530	Yes
Operating System	tp-link	t2600g-28sq_firmware	20200304	Yes
Hardware	tp-link	t2600g-28sq	1.0	No

References

https://jvn.jp/en/jp/JVN62420378/ Third Party Advisory ([email protected])
https://www.tp-link.com/en/support/download/t2600g-28sq/#Firmware Product ([email protected])
https://jvn.jp/en/jp/JVN62420378/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.tp-link.com/en/support/download/t2600g-28sq/#Firmware Product (af854a3a-2127-422b-91ae-364da2661108)