Vulnerabilities > CVE-2023-2759 - Incorrect Authorization vulnerability in Taphome Core Firmware

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

taphome

CWE-863

NVD

Published: 2023-07-17

Updated: 2024-10-02

Summary

A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low privileged user to change passwords of other users without any prior knowledge. The attacker may gain full access to the device by using this vulnerability.

Vulnerable Configurations

Part	Description	Count
OS	Taphome Taphome Core Firmware -	1
Hardware	Taphome Taphome Core -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://claroty.com/team82/disclosure-dashboard/cve-2023-2759