TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 Privilege Escalation

TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 Privilege Escalation

[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC[+] twitter.com/_striv3r_[Vendor]Tp-Link (http://tp-link.com)[Product]JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201[Vulnerability Type]Improper Access Control[Affected Product Code Base]JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201[Affected Component]usermanagement, swtmactablecfg endpoints of webconsole[CVE Reference]CVE-2023-43318[Security Issue]TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allowsattackers to escalate privileges via modification of the 'tid' and 'usrlvl'values in GET requests.[Exploit/POC]N/A[Network Access]Remote[Severity]High[Disclosure Timeline]Vendor Notification: September 12, 2023Vendor released fixed firmware TL-SG2210P(UN)_V5.20_5.20.1 Build 20240202:February 29, 2024March 1, 2024 : Public Disclosure