How severe is CVE-2023-44447?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-44447?

This is classified as CWE-290, which is a common weakness in software security.

CVE-2023-44447 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-21529.

Related Vulnerabilities

CVE-2017-12095

MEDIUM

CVSS:6.5(Medium)

An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running firmware 2.0.1. A series of WiFi packets can force Circle to setup an Access Point with default crede...

CWE-2902017

CVE-2017-12096

MEDIUM

CVSS:6.5(Medium)

An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted net...

CWE-2902017

CVE-2019-10875

MEDIUM

CVSS:6.5(Medium)

A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g (aka the MIUI native browser) and Mint Browser 1.5.3 due to the way they handle the "q" query paramet...

CWE-2902019

CVE-2019-13709

MEDIUM

CVSS:6.5(Medium)

Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.

CWE-2902019

CVE-2019-25023

MEDIUM

CVSS:6.5(Medium)

An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header (which can be manipulated client-side) is used for the internal application logs, an attacker can inje...

CWE-2902019

CVE-2019-3775

MEDIUM

CVSS:6.5(Medium)

Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a d...

CWE-2902019