CVE-2023-2760 — HIGH (7.6) — White Hats Nepal

Q: How severe is CVE-2023-2760?

CVE-2023-2760 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-2760?

Check the references section above for vendor advisories and patch information. Affected products include: Taphome Core Firmware, Taphome Core.

Vulnerability Description

An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest function before version 2023.2, allowing low privileged users to inject arbitrary SQL directives into an SQL query and execute arbitrary SQL commands and get full reading access. This may also lead to limited write access and temporary Denial-of-Service.

CVSS Score

7.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Taphome	Core Firmware	< 2023.2
Taphome	Core	-

Related Weaknesses (CWE)

CWE-89

References

https://claroty.com/team82/disclosure-dashboard/cve-2023-2759Third Party Advisory
https://claroty.com/team82/disclosure-dashboard/cve-2023-2759Third Party Advisory

FAQ

What is CVE-2023-2760?

CVE-2023-2760 is a vulnerability with a CVSS score of 7.6 (HIGH). An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest function before version 2023.2, allowing low privileged users to inject arbitrary SQL directives into a...

How severe is CVE-2023-2760?

CVE-2023-2760 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-2760?

Check the references section above for vendor advisories and patch information. Affected products include: Taphome Core Firmware, Taphome Core.