ID

VAR-202003-0262


CVE

CVE-2020-10883


TITLE

Improper permission assignment for critical resources in TP-Link AC1750 routers

Trust: 0.8

sources: JVNDB: JVNDB-2020-003546

DESCRIPTION

This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the file system. The issue lies in the lack of proper permissions set on the file system. An attacker can leverage this vulnerability to escalate privileges. Was ZDI-CAN-9651. The TP-Link AC1750 router contains a vulnerability in improper permission assignment for critical resources. The Zero Day Initiative has numbered this vulnerability ZDI-CAN-9651. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TP-Link Archer A7 AC1750 is a wireless router made by TP-Link, a Chinese company. The file system in TP-Link Archer A7 using 190726 AC1750 version firmware has a security vulnerability.

Trust: 2.88

sources: NVD: CVE-2020-10883 // JVNDB: JVNDB-2020-003546 // ZDI: ZDI-20-335 // CNVD: CNVD-2020-19936 // VULMON: CVE-2020-10883

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-19936

AFFECTED PRODUCTS

vendor: tp link, model: ac1750, scope: eq, version: 190726

Trust: 1.0

vendor: tp link, model: ac 1750, scope: eq, version: 190726

Trust: 0.8

vendor: tp link, model: archer a7, scope: -, version: -

Trust: 0.7

vendor: tp link, model: archer a7 ac1750, scope: eq, version: 190726

Trust: 0.6

sources: ZDI: ZDI-20-335 // CNVD: CNVD-2020-19936 // JVNDB: JVNDB-2020-003546 // NVD: CVE-2020-10883

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10883
value: HIGH

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2020-10883
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-003546
value: HIGH

Trust: 0.8

ZDI: CVE-2020-10883
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2020-19936
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-1607
value: HIGH

Trust: 0.6

VULMON: CVE-2020-10883
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-10883
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-003546
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-19936
severity: MEDIUM
baseScore: 4.3
vectorString: AV:L/AC:L/AU:S/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-10883
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2020-10883
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 3.4
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-003546
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-10883
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 3.4
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-335 // CNVD: CNVD-2020-19936 // VULMON: CVE-2020-10883 // JVNDB: JVNDB-2020-003546 // CNNVD: CNNVD-202003-1607 // NVD: CVE-2020-10883 // NVD: CVE-2020-10883

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.8

sources: JVNDB: JVNDB-2020-003546 // NVD: CVE-2020-10883

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-1607

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-1607

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003546

PATCH

title: AC1750 Wireless Dual Band Gigabit Router, url: https://www.tp-link.com/us/home-networking/wifi-router/archer-c7/

Trust: 0.8

title: Patch for TP Link Archer privilege elevation vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/211371

Trust: 0.6

title: TP-Link Archer A7 AC1750 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113013

Trust: 0.6

title: -, url: https://github.com/Live-Hack-CVE/CVE-2020-10883

Trust: 0.1

sources: CNVD: CNVD-2020-19936 // VULMON: CVE-2020-10883 // JVNDB: JVNDB-2020-003546 // CNNVD: CNNVD-202003-1607

EXTERNAL IDS

db: NVD, id: CVE-2020-10883

Trust: 3.8

db: ZDI, id: ZDI-20-335

Trust: 3.2

db: PACKETSTORM, id: 157255

Trust: 2.5

db: JVNDB, id: JVNDB-2020-003546

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-9651

Trust: 0.7

db: CNVD, id: CNVD-2020-19936

Trust: 0.6

db: EXPLOIT-DB, id: 48331

Trust: 0.6

db: CNNVD, id: CNNVD-202003-1607

Trust: 0.6

db: VULMON, id: CVE-2020-10883

Trust: 0.1

sources: ZDI: ZDI-20-335 // CNVD: CNVD-2020-19936 // VULMON: CVE-2020-10883 // JVNDB: JVNDB-2020-003546 // CNNVD: CNNVD-202003-1607 // NVD: CVE-2020-10883

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-20-335/

Trust: 2.5

url:http://packetstormsecurity.com/files/157255/tp-link-archer-a7-c7-unauthenticated-lan-remote-code-execution.html

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-10883

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10883

Trust: 0.8

url:https://www.exploit-db.com/exploits/48331

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/732.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2020-10883

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2020-10883 // JVNDB: JVNDB-2020-003546 // CNNVD: CNNVD-202003-1607 // NVD: CVE-2020-10883

CREDITS

Pedro Ribeiro and Radek Domanski of Team Flashback

Trust: 0.7

sources: ZDI: ZDI-20-335

SOURCES

db: ZDI, id: ZDI-20-335
db: CNVD, id: CNVD-2020-19936
db: VULMON, id: CVE-2020-10883
db: JVNDB, id: JVNDB-2020-003546
db: CNNVD, id: CNNVD-202003-1607
db: NVD, id: CVE-2020-10883

LAST UPDATE DATE

2024-11-23T22:44:39.307000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-20-335, date: 2020-03-25T00:00:00
db: CNVD, id: CNVD-2020-19936, date: 2020-03-29T00:00:00
db: VULMON, id: CVE-2020-10883, date: 2023-02-03T00:00:00
db: JVNDB, id: JVNDB-2020-003546, date: 2020-04-20T00:00:00
db: CNNVD, id: CNNVD-202003-1607, date: 2020-04-17T00:00:00
db: NVD, id: CVE-2020-10883, date: 2024-11-21T04:56:17.020

SOURCES RELEASE DATE

db: ZDI, id: ZDI-20-335, date: 2020-03-25T00:00:00
db: CNVD, id: CNVD-2020-19936, date: 2020-03-28T00:00:00
db: VULMON, id: CVE-2020-10883, date: 2020-03-25T00:00:00
db: JVNDB, id: JVNDB-2020-003546, date: 2020-04-20T00:00:00
db: CNNVD, id: CNNVD-202003-1607, date: 2020-03-25T00:00:00
db: NVD, id: CVE-2020-10883, date: 2020-03-25T21:15:12.010