Details of VAR-202308-4279

ID

VAR-202308-4279

CVE

CVE-2023-38908

TITLE

TP-LINK Technologies of tapo and tapo l530e Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2023-022387

DESCRIPTION

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function. TP-LINK Technologies of tapo and tapo l530e There are unspecified vulnerabilities in the firmware.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2023-38908 // JVNDB: JVNDB-2023-022387

AFFECTED PRODUCTS

vendor:	tp link	model:	tapo l530e	scope:	eq	version:	1.0.0	Trust: 1.0
vendor:	tp link	model:	tapo	scope:	eq	version:	2.8.14	Trust: 1.0
vendor:	tp link	model:	tapo	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	tapo l530e	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-022387 // NVD: CVE-2023-38908

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-38908
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2023-38908
value:	MEDIUM
Trust: 0.8

nvd@nist.gov:	CVE-2023-38908
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2023-38908
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-022387 // NVD: CVE-2023-38908

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-022387 // NVD: CVE-2023-38908

EXTERNAL IDS

db:	NVD	id:	CVE-2023-38908	Trust: 2.6
db:	JVNDB	id:	JVNDB-2023-022387	Trust: 0.8

sources: JVNDB: JVNDB-2023-022387 // NVD: CVE-2023-38908

REFERENCES

url:	https://arxiv.org/abs/2308.09019	Trust: 1.8
url:	https://arxiv.org/pdf/2308.09019.pdf	Trust: 1.8
url:	https://www.scitepress.org/publicationsdetail.aspx?id=x/aubv7jrso=&t=1	Trust: 1.8
url:	https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold/	Trust: 1.0
url:	https://www.scitepress.org/papers/2023/120929/120929.pdf	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2023-38908	Trust: 0.8

sources: JVNDB: JVNDB-2023-022387 // NVD: CVE-2023-38908

SOURCES

db:	JVNDB	id:	JVNDB-2023-022387
db:	NVD	id:	CVE-2023-38908

LAST UPDATE DATE

2024-08-14T14:16:59.643000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2023-022387	date:	2024-01-23T02:19:00
db:	NVD	id:	CVE-2023-38908	date:	2024-05-07T15:15:08.350

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2023-022387	date:	2024-01-23T00:00:00
db:	NVD	id:	CVE-2023-38908	date:	2023-08-22T01:15:08.153