Exploit for TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 Privilege Escalation CVE-2023-43318

Name: Exploit for TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 Privilege Escalation CVE-2023-43318
Rating: 5 (193 reviews)

2024-03-04 | CVSS 7.4

## https://sploitus.com/exploit?id=PACKETSTORM:177411
[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC  
[+] twitter.com/_striv3r_  
  
[Vendor]  
Tp-Link (http://tp-link.com)  
  
  
[Product]  
JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201  
  
  
[Vulnerability Type]  
Improper Access Control  
  
  
[Affected Product Code Base]  
JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201  
  
  
[Affected Component]  
usermanagement, swtmactablecfg endpoints of webconsole  
  
  
[CVE Reference]  
CVE-2023-43318  
  
  
[Security Issue]  
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows  
attackers to escalate privileges via modification of the 'tid' and 'usrlvl'  
values in GET requests.  
  
  
[Exploit/POC]  
N/A  
  
  
[Network Access]  
Remote  
  
  
[Severity]  
High  
  
  
[Disclosure Timeline]  
Vendor Notification: September 12, 2023  
Vendor released fixed firmware TL-SG2210P(UN)_V5.20_5.20.1 Build 20240202:  
February 29, 2024  
March 1, 2024 : Public Disclosure