| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.9 | $0-$5k | 0.00 |
Summary
A vulnerability was found in TP-LINK HS-110. It has been classified as problematic. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in improper authentication. There is no exploit available. It is best practice to apply the suggested workaround.
Details
A vulnerability, which was classified as problematic, was found in TP-LINK HS-110 (unknown version). This affects an unknown code block. The manipulation with an unknown input leads to a improper authentication vulnerability. CWE is classifying the issue as CWE-287. When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. This is going to have an impact on confidentiality, integrity, and availability.
The weakness was shared 11/24/2016 with Curesec Research Team as The HS-110 Smart Plug aka Projekt Kasa as not defined mailinglist post (Full-Disclosure). It is possible to read the advisory at seclists.org. The vendor was not involved in the public release. The exploitability is told to be easy. Access to the local network is required for this attack. No form of authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available. The advisory points out:
Using the known commands we were able to get complete control over the plug because there is no authentication method provided, as long as we are on a local network. So anyone who knows the IP of the Plug can compromise it A list of commands with a little control script in which the most interesting commands are implemented is in the Appendix.
The best possible mitigation is suggested to be Workaround. The mailinglist post contains the following remark:
TP-Link addressed the problem with the possible stealing of account data in another app version (currently at 1.3.3.593, 04.11.2016; tested was 1.2.4.583) by changing the communication protocol between plug and app to a custom one. However it is still possible to control the plug with the commands provided in this article it is not possible anymore to see login credentials.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Vendor
Name
License
Website
- Vendor: https://www.tp-link.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.3VulDB Meta Temp Score: 5.9
VulDB Base Score: 6.3
VulDB Temp Score: 5.9
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Improper authenticationCWE: CWE-287
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Partially
Availability: 🔍
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: WorkaroundStatus: 🔍
0-Day Time: 🔍
Timeline
11/24/2016 🔍11/25/2016 🔍
06/10/2019 🔍
Sources
Vendor: tp-link.comAdvisory: The HS-110 Smart Plug aka Projekt Kasa
Organization: Curesec Research Team
Status: Not defined
GCVE (VulDB): GCVE-100-93819
Entry
Created: 11/25/2016 20:14Updated: 06/10/2019 09:45
Changes: 11/25/2016 20:14 (41), 06/10/2019 09:45 (1)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.