How severe is CVE-2023-28368?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.7 out of 10.

What type of vulnerability is CVE-2023-28368?

This is classified as CWE-1391, which is a common weakness in software security.

CVE-2023-28368 - MEDIUM Severity | CVSS 5.7

Vulnerability Description

TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential information for the affected device may be obtained.

Related Vulnerabilities

CVE-2025-22936

MEDIUM

CVSS:5.7(Medium)

An issue in Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi router SAM-4G1G-TT-W-VC, SAM-4F1F-TT-W-A1 allows a remote attacker to obtain sensitive information via the Weak default WiFi password generati...

CWE-13912025

CVE-2025-4057

MEDIUM

CVSS:5.5(Medium)

A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies.

CWE-13912025

CVE-2023-3470

MEDIUM

CVSS:6.1(Medium)

Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated user with T...

CWE-13912023

CVE-2024-21865

MEDIUM

CVSS:6.5(Medium)

HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell.

CWE-13912024

CVE-2024-42027

MEDIUM

CVSS:6.7(Medium)

The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources.

CWE-13912024

CVE-2024-40892

HIGH

CVSS:7.1(High)

A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision S...

CWE-13912024