Sign-up

ID

VAR-202003-0266


CVE

CVE-2020-10888


TITLE

TP-Link AC1750 Authentication vulnerabilities in routers

Trust: 0.8

sources: JVNDB: JVNDB-2020-003548

DESCRIPTION

This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port forwarding requests during initial setup. The issue results from the lack of proper authentication prior to establishing SSH port forwarding rules. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the WAN interface. Was ZDI-CAN-9664. Zero Day Initiative To this vulnerability ZDI-CAN-9664 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TP-Link Archer A7 AC1750 is a wireless router of China TP-Link company

Trust: 2.79

sources: NVD: CVE-2020-10888 // JVNDB: JVNDB-2020-003548 // ZDI: ZDI-20-340 // CNVD: CNVD-2020-19942

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-19942

AFFECTED PRODUCTS

vendor:tp linkmodel:ac1750scope:eqversion:190726

Trust: 1.0

vendor:tp linkmodel:ac 1750scope:eqversion:190726

Trust: 0.8

vendor:tp linkmodel:archer a7scope: - version: -

Trust: 0.7

vendor:tp linkmodel:archer a7 ac1750scope:eqversion:190726

Trust: 0.6

sources: ZDI: ZDI-20-340 // CNVD: CNVD-2020-19942 // JVNDB: JVNDB-2020-003548 // NVD: CVE-2020-10888

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10888
value: CRITICAL

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2020-10888
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-003548
value: CRITICAL

Trust: 0.8

ZDI: CVE-2020-10888
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2020-19942
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-1611
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-10888
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003548
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-19942
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-10888
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2020-10888
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-003548
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-10888
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-340 // CNVD: CNVD-2020-19942 // JVNDB: JVNDB-2020-003548 // CNNVD: CNNVD-202003-1611 // NVD: CVE-2020-10888 // NVD: CVE-2020-10888

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2020-003548 // NVD: CVE-2020-10888

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1611

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202003-1611

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-003548

PATCH
title:AC1750 Wireless Dual Band Gigabit Routerurl:https://www.tp-link.com/us/home-networking/wifi-router/archer-c7/
Trust: 0.8
title:Patch for TP-Link Archer A7 AC1750 authorization issue vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/211385
Trust: 0.6
title:TP-Link Archer A7 AC1750 Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113017
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-19942 // 
            
            
            
            JVNDB: JVNDB-2020-003548 // 
            
            
            
            CNNVD: CNNVD-202003-1611

EXTERNAL IDS
db:NVDid:CVE-2020-10888
Trust: 3.7
db:ZDIid:ZDI-20-340
Trust: 3.1
db:JVNDBid:JVNDB-2020-003548
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-9664
Trust: 0.7
db:CNVDid:CNVD-2020-19942
Trust: 0.6
db:CNNVDid:CNNVD-202003-1611
Trust: 0.6
sources:
            
            
            ZDI: ZDI-20-340 // 
            
            
            
            CNVD: CNVD-2020-19942 // 
            
            
            
            JVNDB: JVNDB-2020-003548 // 
            
            
            
            CNNVD: CNNVD-202003-1611 // 
            
            
            
            NVD: CVE-2020-10888

REFERENCES
url:https://www.zerodayinitiative.com/advisories/zdi-20-340/
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2020-10888
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10888
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-003548 // 
            
            
            
            CNNVD: CNNVD-202003-1611 // 
            
            
            
            NVD: CVE-2020-10888

CREDITS
F-Secure Labs - Mark Barnes, Toby Drew, Max Van Amerongen, and James Loureiro
Trust: 0.7
sources:
            
            
            ZDI: ZDI-20-340

SOURCES
db:ZDIid:ZDI-20-340
db:CNVDid:CNVD-2020-19942
db:JVNDBid:JVNDB-2020-003548
db:CNNVDid:CNNVD-202003-1611
db:NVDid:CVE-2020-10888

LAST UPDATE DATE
2024-11-23T23:04:27.938000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-20-340date:2020-03-25T00:00:00
db:CNVDid:CNVD-2020-19942date:2020-03-29T00:00:00
db:JVNDBid:JVNDB-2020-003548date:2020-04-20T00:00:00
db:CNNVDid:CNNVD-202003-1611date:2020-04-03T00:00:00
db:NVDid:CVE-2020-10888date:2024-11-21T04:56:17.657

SOURCES RELEASE DATE
db:ZDIid:ZDI-20-340date:2020-03-25T00:00:00
db:CNVDid:CNVD-2020-19942date:2020-03-28T00:00:00
db:JVNDBid:JVNDB-2020-003548date:2020-04-20T00:00:00
db:CNNVDid:CNNVD-202003-1611date:2020-03-25T00:00:00
db:NVDid:CVE-2020-10888date:2020-03-25T21:15:12.463