Details of VAR-202308-3910

ID

VAR-202308-3910

CVE

CVE-2023-38906

TITLE

TP-LINK Technologies of tapo and tapo l530e Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2023-022388

DESCRIPTION

An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message. TP-LINK Technologies of tapo and tapo l530e There are unspecified vulnerabilities in the firmware.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2023-38906 // JVNDB: JVNDB-2023-022388

AFFECTED PRODUCTS

vendor:	tp link	model:	tapo l530e	scope:	eq	version:	1.0.0	Trust: 1.0
vendor:	tp link	model:	tapo	scope:	eq	version:	2.8.14	Trust: 1.0
vendor:	tp link	model:	tapo	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	tapo l530e	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-022388 // NVD: CVE-2023-38906

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-38906
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2023-38906
value:	MEDIUM
Trust: 0.8

nvd@nist.gov:	CVE-2023-38906
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2023-38906
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-022388 // NVD: CVE-2023-38906

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-022388 // NVD: CVE-2023-38906

EXTERNAL IDS

db:	NVD	id:	CVE-2023-38906	Trust: 2.6
db:	JVNDB	id:	JVNDB-2023-022388	Trust: 0.8

sources: JVNDB: JVNDB-2023-022388 // NVD: CVE-2023-38906

REFERENCES

url:	https://arxiv.org/abs/2308.09019	Trust: 1.8
url:	https://www.scitepress.org/publicationsdetail.aspx?id=x/aubv7jrso=&t=1	Trust: 1.8
url:	https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/	Trust: 1.0
url:	https://www.scitepress.org/papers/2023/120929/120929.pdf	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2023-38906	Trust: 0.8

sources: JVNDB: JVNDB-2023-022388 // NVD: CVE-2023-38906

SOURCES

db:	JVNDB	id:	JVNDB-2023-022388
db:	NVD	id:	CVE-2023-38906

LAST UPDATE DATE

2024-08-14T14:54:35.586000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2023-022388	date:	2024-01-23T02:20:00
db:	NVD	id:	CVE-2023-38906	date:	2024-05-07T15:15:08.110

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2023-022388	date:	2024-01-23T00:00:00
db:	NVD	id:	CVE-2023-38906	date:	2023-08-22T00:15:07.920