Details of VAR-202003-0263

ID

VAR-202003-0263

CVE

CVE-2020-10884

TITLE

TP-Link Archer A7 AC1750 Vulnerability in using hard-coded credentials in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2020-003494

DESCRIPTION

This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. This issue results from the use of hard-coded encryption key. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9652. Zero Day Initiative To this vulnerability ZDI-CAN-9652 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TP-Link Archer A7 AC1750 is a wireless router of China TP-Link company

Trust: 2.79

sources: NVD: CVE-2020-10884 // JVNDB: JVNDB-2020-003494 // ZDI: ZDI-20-336 // CNVD: CNVD-2020-19935

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-19935

AFFECTED PRODUCTS

vendor:	tp link	model:	ac1750	scope:	eq	version:	190726	Trust: 1.0
vendor:	tp link	model:	ac 1750	scope:	eq	version:	190726	Trust: 0.8
vendor:	tp link	model:	archer a7	scope:	-	version:	-	Trust: 0.7
vendor:	tp link	model:	archer a7 ac1750	scope:	eq	version:	190726	Trust: 0.6

sources: ZDI: ZDI-20-336 // CNVD: CNVD-2020-19935 // JVNDB: JVNDB-2020-003494 // NVD: CVE-2020-10884

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-10884
value:	HIGH
Trust: 1.0
zdi-disclosures@trendmicro.com:	CVE-2020-10884
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-003494
value:	HIGH
Trust: 0.8
ZDI:	CVE-2020-10884
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2020-19935
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202003-1608
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-10884
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-003494
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-19935
severity:	HIGH
baseScore:	7.8
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-10884
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
zdi-disclosures@trendmicro.com:	CVE-2020-10884
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.0
Trust: 1.0
NVD:	JVNDB-2020-003494
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2020-10884
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-20-336 // CNVD: CNVD-2020-19935 // JVNDB: JVNDB-2020-003494 // CNNVD: CNNVD-202003-1608 // NVD: CVE-2020-10884 // NVD: CVE-2020-10884

PROBLEMTYPE DATA

problemtype:	CWE-798	Trust: 1.8
problemtype:	CWE-321	Trust: 1.0

sources: JVNDB: JVNDB-2020-003494 // NVD: CVE-2020-10884

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202003-1608

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202003-1608

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003494

PATCH

title:	Top Page	url:	https://www.tp-link.com/br/	Trust: 0.8
title:	Patch for TP-Link Archer code execution vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/211375	Trust: 0.6
title:	TP-Link Archer A7 AC1750 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113014	Trust: 0.6

sources: CNVD: CNVD-2020-19935 // JVNDB: JVNDB-2020-003494 // CNNVD: CNNVD-202003-1608

EXTERNAL IDS

db:	NVD	id:	CVE-2020-10884	Trust: 3.7
db:	ZDI	id:	ZDI-20-336	Trust: 3.1
db:	PACKETSTORM	id:	157255	Trust: 1.6
db:	JVNDB	id:	JVNDB-2020-003494	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-9652	Trust: 0.7
db:	CNVD	id:	CNVD-2020-19935	Trust: 0.6
db:	EXPLOIT-DB	id:	48331	Trust: 0.6
db:	CNNVD	id:	CNNVD-202003-1608	Trust: 0.6

sources: ZDI: ZDI-20-336 // CNVD: CNVD-2020-19935 // JVNDB: JVNDB-2020-003494 // CNNVD: CNNVD-202003-1608 // NVD: CVE-2020-10884

REFERENCES

url:	https://www.zerodayinitiative.com/advisories/zdi-20-336/	Trust: 2.4
url:	http://packetstormsecurity.com/files/157255/tp-link-archer-a7-c7-unauthenticated-lan-remote-code-execution.html	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10884	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10884	Trust: 0.8
url:	https://www.exploit-db.com/exploits/48331	Trust: 0.6

sources: JVNDB: JVNDB-2020-003494 // CNNVD: CNNVD-202003-1608 // NVD: CVE-2020-10884

CREDITS

Pedro Ribeiro and Radek Domanski of Team Flashback

Trust: 0.7

sources: ZDI: ZDI-20-336

SOURCES

db:	ZDI	id:	ZDI-20-336
db:	CNVD	id:	CNVD-2020-19935
db:	JVNDB	id:	JVNDB-2020-003494
db:	CNNVD	id:	CNNVD-202003-1608
db:	NVD	id:	CVE-2020-10884

LAST UPDATE DATE

2024-11-23T22:44:39.276000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-336	date:	2020-03-25T00:00:00
db:	CNVD	id:	CNVD-2020-19935	date:	2020-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2020-003494	date:	2020-04-17T00:00:00
db:	CNNVD	id:	CNNVD-202003-1608	date:	2020-04-17T00:00:00
db:	NVD	id:	CVE-2020-10884	date:	2024-11-21T04:56:17.143

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-20-336	date:	2020-03-25T00:00:00
db:	CNVD	id:	CNVD-2020-19935	date:	2020-03-28T00:00:00
db:	JVNDB	id:	JVNDB-2020-003494	date:	2020-04-17T00:00:00
db:	CNNVD	id:	CNNVD-202003-1608	date:	2020-03-25T00:00:00
db:	NVD	id:	CVE-2020-10884	date:	2020-03-25T21:15:12.107