CVE-2023-2759 HIGH

CVE-2023-2759: TAPHOME Improper Authentication in Core Platform

Vendor Taphome

Product Core Platform

Weakness CWE-863 · Incorrect authorization

Published July 17, 2023

Last update October 30, 2024

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low privileged user to change passwords of other users without any prior knowledge. The attacker may gain full access to the device by using this vulnerability.

Key dates

02Disclosure timeline

July 17, 2023 CVE published

October 30, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-2759 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

CVE-2023-2759: TAPHOME Improper Authentication in Core Platform

01Description

02Disclosure timeline

03References

04Related CVE