CVE-2020-10883

Published: Mar 25, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the file system. The issue lies in the lack of proper permissions set on the file system. An attacker can leverage this vulnerability to escalate privileges. Was ZDI-CAN-9651.

Affected (1)

Products: Tp Link: Ac1750 Firmware

1 product

Ac1750 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Ac1750 Firmware	Version 190726

Running on/with	Platform Versions
Tp Link Ac1750	All versions

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

http://packetstormsecurity.com/files/157255/TP-Link-Archer-A7-C7-Unauthenticated-LAN-Remote-Code-Execution.html

Source: zdi-disclosures@trendmicro.com

ExploitThird Party AdvisoryVDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-20-335/

Source: zdi-disclosures@trendmicro.com

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/157255/TP-Link-Archer-A7-C7-Unauthenticated-LAN-Remote-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-20-335/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.