First published: Tue Apr 11 2023
TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' use vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key. If the administrator is tricked into logging in to the fake device, the credential information for the affected device may be obtained.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Tp-link T2600g-28sq Firmware | =20190530 | |
Tp-link T2600g-28sq Firmware | =20200304 | |
Tp-link T2600g-28sq | =1.0 | |
The vulnerability ID of TP-Link L2 switch T2600G-28SQ is CVE-2023-28368.
The severity of CVE-2023-28368 is medium with a CVSS score of 5.7.
The affected software versions of TP-Link L2 switch T2600G-28SQ are prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227'.
The vulnerability allows a fake device with a vulnerable SSH host key to spoof the affected device and trick the administrator into providing credentials.
To fix the vulnerability, upgrade the TP-Link L2 switch T2600G-28SQ firmware to version 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' or later.