Details of VAR-202003-0265

ID

VAR-202003-0265

CVE

CVE-2020-10886

TITLE

TP-Link Archer A7 AC1750 operating system command injection vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-19943 // CNNVD: CNNVD-202003-1610

DESCRIPTION

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tmpServer service, which listens on TCP port 20002. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9662. TP-Link AC1750 The router has OS A command injection vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-9662 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TP-Link Archer A7 AC1750 is a wireless router of China TP-Link company. The vulnerability stems from the failure of the program to correctly verify the string submitted by the user before making a system call

Trust: 2.79

sources: NVD: CVE-2020-10886 // JVNDB: JVNDB-2020-003547 // ZDI: ZDI-20-339 // CNVD: CNVD-2020-19943

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-19943

AFFECTED PRODUCTS

vendor:	tp link	model:	ac1750	scope:	eq	version:	190726	Trust: 1.0
vendor:	tp link	model:	ac 1750	scope:	eq	version:	190726	Trust: 0.8
vendor:	tp link	model:	archer a7	scope:	-	version:	-	Trust: 0.7
vendor:	tp link	model:	archer a7 ac1750	scope:	eq	version:	190726	Trust: 0.6

sources: ZDI: ZDI-20-339 // CNVD: CNVD-2020-19943 // JVNDB: JVNDB-2020-003547 // NVD: CVE-2020-10886

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-10886
value:	CRITICAL
Trust: 1.0
zdi-disclosures@trendmicro.com:	CVE-2020-10886
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-003547
value:	CRITICAL
Trust: 0.8
ZDI:	CVE-2020-10886
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2020-19943
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202003-1610
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2020-10886
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-003547
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-19943
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-10886
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
zdi-disclosures@trendmicro.com:	CVE-2020-10886
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2020-003547
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2020-10886
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-20-339 // CNVD: CNVD-2020-19943 // JVNDB: JVNDB-2020-003547 // CNNVD: CNNVD-202003-1610 // NVD: CVE-2020-10886 // NVD: CVE-2020-10886

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2020-003547 // NVD: CVE-2020-10886

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1610

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202003-1610

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003547

PATCH

title:	AC1750 Wireless Dual Band Gigabit Router	url:	https://www.tp-link.com/us/home-networking/wifi-router/archer-c7/	Trust: 0.8
title:	Patch for TP-Link Archer A7 AC1750 operating system command injection vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/211381	Trust: 0.6
title:	TP-Link Archer A7 AC1750 Fixes for operating system command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113016	Trust: 0.6

sources: CNVD: CNVD-2020-19943 // JVNDB: JVNDB-2020-003547 // CNNVD: CNNVD-202003-1610

EXTERNAL IDS

db:	NVD	id:	CVE-2020-10886	Trust: 3.7
db:	ZDI	id:	ZDI-20-339	Trust: 3.1
db:	JVNDB	id:	JVNDB-2020-003547	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-9662	Trust: 0.7
db:	CNVD	id:	CNVD-2020-19943	Trust: 0.6
db:	CNNVD	id:	CNNVD-202003-1610	Trust: 0.6

sources: ZDI: ZDI-20-339 // CNVD: CNVD-2020-19943 // JVNDB: JVNDB-2020-003547 // CNNVD: CNNVD-202003-1610 // NVD: CVE-2020-10886

REFERENCES

url:	https://www.zerodayinitiative.com/advisories/zdi-20-339/	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10886	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10886	Trust: 0.8

sources: JVNDB: JVNDB-2020-003547 // CNNVD: CNNVD-202003-1610 // NVD: CVE-2020-10886

CREDITS

F-Secure Labs - Mark Barnes, Toby Drew, Max Van Amerongen, and James Loureiro

Trust: 0.7

sources: ZDI: ZDI-20-339

SOURCES

db:	ZDI	id:	ZDI-20-339
db:	CNVD	id:	CNVD-2020-19943
db:	JVNDB	id:	JVNDB-2020-003547
db:	CNNVD	id:	CNNVD-202003-1610
db:	NVD	id:	CVE-2020-10886

LAST UPDATE DATE

2024-11-23T22:16:37.476000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-339	date:	2020-03-25T00:00:00
db:	CNVD	id:	CNVD-2020-19943	date:	2020-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2020-003547	date:	2020-04-20T00:00:00
db:	CNNVD	id:	CNNVD-202003-1610	date:	2020-04-03T00:00:00
db:	NVD	id:	CVE-2020-10886	date:	2024-11-21T04:56:17.400

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-20-339	date:	2020-03-25T00:00:00
db:	CNVD	id:	CNVD-2020-19943	date:	2020-03-28T00:00:00
db:	JVNDB	id:	JVNDB-2020-003547	date:	2020-04-20T00:00:00
db:	CNNVD	id:	CNNVD-202003-1610	date:	2020-03-25T00:00:00
db:	NVD	id:	CVE-2020-10886	date:	2020-03-25T21:15:12.307