[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC
TP-Link (http://tp-link.com)
JetStream Smart Switch - TL-SG2210P
Incorrect Access Control (DOS)
JetStream Smart Switch - TL-SG2210P 5.0 Build 20211201
usermanagement, swtmactablecfg endpoints
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests.
Successful exploitation could grant a user admin controls they are not entitled to, potentially compromising the system. Lower-privilege users can access admin-level endpoints using their own token ID.
CVE-2023-43318
Remote
High
Vendor Notification: September 12, 2023
Vendor released fixed firmware TL-SG2210P(UN)_V5.20_5.20.1 Build 20240202: February 29, 2024
March 1, 2024: Public Disclosure
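
A server-side check for the access-control flaw described above, as an added example that is not TP-Link's code or part of the original advisory: the privilege level is looked up from the session bound to 'tid', and a client-supplied 'usrlvl' is never trusted. The URL layout, session table, token values and numeric levels are constructed assumptions; only the endpoint and parameter names come from the advisory.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed numeric level for an administrator (constructed for this example).
ADMIN_LEVEL = 3

# Endpoints named in the advisory, treated here as admin-only.
ADMIN_ONLY = {"usermanagement", "swtmactablecfg"}

# Constructed server-side session table: token id -> level assigned at login.
SESSIONS = {"a1b2c3": ADMIN_LEVEL, "d4e5f6": 1}


def authorize(url, sessions=SESSIONS):
    """Return (allowed, reason) for the URL of a GET request."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    # Last path segment without its extension, e.g. "usermanagement".
    endpoint = parts.path.rsplit("/", 1)[-1].split(".", 1)[0].lower()

    tids = query.get("tid", [])
    if len(tids) != 1 or tids[0] not in sessions:
        return False, "unknown or ambiguous tid"

    # The privilege level comes from server state only, never from the request.
    level = sessions[tids[0]]

    # A usrlvl that disagrees with the session is a tampering signal worth logging.
    claimed = query.get("usrlvl")
    if claimed is not None and claimed != [str(level)]:
        return False, "usrlvl does not match session"

    if endpoint in ADMIN_ONLY and level < ADMIN_LEVEL:
        return False, "admin endpoint, non-admin session"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests; the /data/*.json layout is hypothetical.
    for sample in (
        "/data/usermanagement.json?tid=a1b2c3&usrlvl=3",
        "/data/usermanagement.json?tid=d4e5f6&usrlvl=3",
        "/data/swtmactablecfg.json?tid=d4e5f6",
        "/data/portstatus.json?tid=d4e5f6&usrlvl=1",
    ):
        print(sample, "->", authorize(sample))
```

The rejection reasons are distinct so that a log of denied requests separates tampered 'usrlvl' values from ordinary non-admin access attempts.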