Sign-up

ID

VAR-202003-0264


CVE

CVE-2020-10885


TITLE

TP-Link Archer A7 AC1750 Input verification vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2020-003495

DESCRIPTION

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of DNS reponses prior to further processing. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the root user. Was ZDI-CAN-9661. TP-Link Archer A7 AC1750 There is an input verification vulnerability in the firmware. Zero Day Initiative To this vulnerability ZDI-CAN-9661 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TP-Link Archer A7 AC1750 is a wireless router of China TP-Link company. The vulnerability stems from the program's failure to properly verify the DNS response before further processing

Trust: 2.79

sources: NVD: CVE-2020-10885 // JVNDB: JVNDB-2020-003495 // ZDI: ZDI-20-337 // CNVD: CNVD-2020-19944

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-19944

AFFECTED PRODUCTS

vendor:tp linkmodel:ac1750scope:eqversion:190726

Trust: 1.0

vendor:tp linkmodel:ac 1750scope:eqversion:190726

Trust: 0.8

vendor:tp linkmodel:archer a7scope: - version: -

Trust: 0.7

vendor:tp linkmodel:archer a7 ac1750scope:eqversion:190726

Trust: 0.6

sources: ZDI: ZDI-20-337 // CNVD: CNVD-2020-19944 // JVNDB: JVNDB-2020-003495 // NVD: CVE-2020-10885

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10885
value: CRITICAL

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2020-10885
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-003495
value: CRITICAL

Trust: 0.8

ZDI: CVE-2020-10885
value: HIGH

Trust: 0.7

CNVD: CNVD-2020-19944
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-1609
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-10885
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003495
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-19944
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-10885
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2020-10885
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-003495
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-10885
baseSeverity: HIGH
baseScore: 8.1
vectorString: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-337 // CNVD: CNVD-2020-19944 // JVNDB: JVNDB-2020-003495 // CNNVD: CNNVD-202003-1609 // NVD: CVE-2020-10885 // NVD: CVE-2020-10885

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2020-003495 // NVD: CVE-2020-10885

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1609

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202003-1609

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-003495

PATCH
title:Top Pageurl:https://www.tp-link.com/br/
Trust: 0.8
title:Patch for TP Link Archer code execution vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/211377
Trust: 0.6
title:TP-Link Archer A7 AC1750 Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113015
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-19944 // 
            
            
            
            JVNDB: JVNDB-2020-003495 // 
            
            
            
            CNNVD: CNNVD-202003-1609

EXTERNAL IDS
db:NVDid:CVE-2020-10885
Trust: 3.7
db:ZDIid:ZDI-20-337
Trust: 3.1
db:JVNDBid:JVNDB-2020-003495
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-9661
Trust: 0.7
db:CNVDid:CNVD-2020-19944
Trust: 0.6
db:CNNVDid:CNNVD-202003-1609
Trust: 0.6
sources:
            
            
            ZDI: ZDI-20-337 // 
            
            
            
            CNVD: CNVD-2020-19944 // 
            
            
            
            JVNDB: JVNDB-2020-003495 // 
            
            
            
            CNNVD: CNNVD-202003-1609 // 
            
            
            
            NVD: CVE-2020-10885

REFERENCES
url:https://www.zerodayinitiative.com/advisories/zdi-20-337/
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2020-10885
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10885
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-003495 // 
            
            
            
            CNNVD: CNNVD-202003-1609 // 
            
            
            
            NVD: CVE-2020-10885

CREDITS
Pedro Ribeiro and Radek Domanski of Team Flashback
Trust: 0.7
sources:
            
            
            ZDI: ZDI-20-337

SOURCES
db:ZDIid:ZDI-20-337
db:CNVDid:CNVD-2020-19944
db:JVNDBid:JVNDB-2020-003495
db:CNNVDid:CNNVD-202003-1609
db:NVDid:CVE-2020-10885

LAST UPDATE DATE
2024-11-23T22:41:09.842000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-20-337date:2020-03-25T00:00:00
db:CNVDid:CNVD-2020-19944date:2020-03-29T00:00:00
db:JVNDBid:JVNDB-2020-003495date:2020-04-17T00:00:00
db:CNNVDid:CNNVD-202003-1609date:2020-04-01T00:00:00
db:NVDid:CVE-2020-10885date:2024-11-21T04:56:17.280

SOURCES RELEASE DATE
db:ZDIid:ZDI-20-337date:2020-03-25T00:00:00
db:CNVDid:CNVD-2020-19944date:2020-03-28T00:00:00
db:JVNDBid:JVNDB-2020-003495date:2020-04-17T00:00:00
db:CNNVDid:CNNVD-202003-1609date:2020-03-25T00:00:00
db:NVDid:CVE-2020-10885date:2020-03-25T21:15:12.200