Unrated severityNVD Advisory· Published Apr 11, 2023· Updated Feb 10, 2025

CVE-2023-28368

Description

TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential information for the affected device may be obtained.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

TP-Link/T2600G-28SQllm-create
Range: <1.0.6 Build 20230227
TP-Link Corporation Limited/T2600G-28SQv5
Range: firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227'

Patches

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000