CVE-2023-22303

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-287
View all →

Vulnerability Description

TP-Link SG105PE firmware prior to 'TL-SG105PE(UN) 1.0_1.0.0 Build 20221208' contains an authentication bypass vulnerability. Under the certain conditions, an attacker may impersonate an administrator of the product. As a result, information may be obtained and/or the product's settings may be altered with the privilege of the administrator.

Related Vulnerabilities

CVE-2007-4043

CRITICAL
CVSS:9.8(Critical)

file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE:...

CWE-2872007

CVE-2007-6759

CRITICAL
CVSS:9.8(Critical)

Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie.

CWE-2872007

CVE-2007-6760

CRITICAL
CVSS:9.8(Critical)

Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie.

CWE-2872007

CVE-2009-2168

CRITICAL
CVSS:9.8(Critical)

cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypas...

CWE-2872009

CVE-2009-2382

CRITICAL
CVSS:9.8(Critical)

admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN.

CWE-2872009

CVE-2009-2422

CRITICAL
CVSS:9.8(Critical)

The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead o...

CWE-2872009