Details of VAR-202305-0927

ID

VAR-202305-0927

CVE

CVE-2023-2646

TITLE

TP-LINK Technologies of Archer C7 Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2023-010426

DESCRIPTION

A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local network. The associated identifier of this vulnerability is VDB-228775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TP-LINK Technologies of Archer C7 There are unspecified vulnerabilities in the firmware.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-2646 // JVNDB: JVNDB-2023-010426 // VULMON: CVE-2023-2646

AFFECTED PRODUCTS

vendor:	tp link	model:	archer c7	scope:	eq	version:	180114	Trust: 1.0
vendor:	tp link	model:	archer c7	scope:	eq	version:	-	Trust: 0.8
vendor:	tp link	model:	archer c7	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	archer c7	scope:	eq	version:	archer c7 firmware 180114	Trust: 0.8

sources: JVNDB: JVNDB-2023-010426 // NVD: CVE-2023-2646

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2023-2646
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2023-2646
value:	MEDIUM
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2023-2646
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2023-2646
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202305-1020
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2023-2646
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:A/AC:L/AU:M/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.1
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

nvd@nist.gov:	CVE-2023-2646
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
cna@vuldb.com:	CVE-2023-2646
baseSeverity:	MEDIUM
baseScore:	4.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2023-2646
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-010426 // CNNVD: CNNVD-202305-1020 // NVD: CVE-2023-2646 // NVD: CVE-2023-2646 // NVD: CVE-2023-2646

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-404	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-010426 // NVD: CVE-2023-2646

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202305-1020

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202305-1020

PATCH

title:

TP-LINK Archer C7 Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=238553

Trust: 0.6

sources: CNNVD: CNNVD-202305-1020

EXTERNAL IDS

db:	NVD	id:	CVE-2023-2646	Trust: 3.3
db:	VULDB	id:	228775	Trust: 2.5
db:	JVNDB	id:	JVNDB-2023-010426	Trust: 0.8
db:	CNNVD	id:	CNNVD-202305-1020	Trust: 0.6
db:	VULMON	id:	CVE-2023-2646	Trust: 0.1

sources: VULMON: CVE-2023-2646 // JVNDB: JVNDB-2023-010426 // CNNVD: CNNVD-202305-1020 // NVD: CVE-2023-2646

REFERENCES

url:	https://vuldb.com/?id.228775	Trust: 2.5
url:	https://vuldb.com/?ctiid.228775	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2023-2646	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-2646/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/404.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-2646 // JVNDB: JVNDB-2023-010426 // CNNVD: CNNVD-202305-1020 // NVD: CVE-2023-2646

SOURCES

db:	VULMON	id:	CVE-2023-2646
db:	JVNDB	id:	JVNDB-2023-010426
db:	CNNVD	id:	CNNVD-202305-1020
db:	NVD	id:	CVE-2023-2646

LAST UPDATE DATE

2025-01-25T22:49:43.982000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-2646	date:	2023-05-11T00:00:00
db:	JVNDB	id:	JVNDB-2023-010426	date:	2023-12-08T06:55:00
db:	CNNVD	id:	CNNVD-202305-1020	date:	2023-05-23T00:00:00
db:	NVD	id:	CVE-2023-2646	date:	2025-01-24T17:15:12.910

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-2646	date:	2023-05-11T00:00:00
db:	JVNDB	id:	JVNDB-2023-010426	date:	2023-12-08T00:00:00
db:	CNNVD	id:	CNNVD-202305-1020	date:	2023-05-11T00:00:00
db:	NVD	id:	CVE-2023-2646	date:	2023-05-11T08:15:08.620