Sign-up

ID

VAR-202003-1767


CVE

CVE-2020-10887


TITLE

TP-Link Archer A7 AC1750 Authentication vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2020-003487

DESCRIPTION

This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9663. Zero Day Initiative To this vulnerability ZDI-CAN-9663 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TP-Link Archer A7 AC1750 is a wireless router of China TP-Link company

Trust: 2.79

sources: NVD: CVE-2020-10887 // JVNDB: JVNDB-2020-003487 // ZDI: ZDI-20-338 // CNVD: CNVD-2020-24409

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-24409

AFFECTED PRODUCTS

vendor:tp linkmodel:ac1750scope:eqversion:190726

Trust: 1.0

vendor:tp linkmodel:ac 1750scope:eqversion:190726

Trust: 0.8

vendor:tp linkmodel:archer a7scope: - version: -

Trust: 0.7

vendor:tp linkmodel:archer a7 ac1750scope:eqversion:190726

Trust: 0.6

sources: ZDI: ZDI-20-338 // CNVD: CNVD-2020-24409 // JVNDB: JVNDB-2020-003487 // NVD: CVE-2020-10887

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10887
value: CRITICAL

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2020-10887
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-003487
value: CRITICAL

Trust: 0.8

ZDI: CVE-2020-10887
value: HIGH

Trust: 0.7

CNVD: CNVD-2020-24409
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-1612
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-10887
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003487
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-24409
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-10887
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2020-10887
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-003487
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-10887
baseSeverity: HIGH
baseScore: 8.1
vectorString: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-338 // CNVD: CNVD-2020-24409 // JVNDB: JVNDB-2020-003487 // CNNVD: CNNVD-202003-1612 // NVD: CVE-2020-10887 // NVD: CVE-2020-10887

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-693

Trust: 1.0

problemtype:CWE-287

Trust: 0.8

sources: JVNDB: JVNDB-2020-003487 // NVD: CVE-2020-10887

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1612

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-1612

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-003487

PATCH
title:Top Pageurl:https://www.tp-link.com/br/
Trust: 0.8
title:Patch for TP-Link Archer A7 AC1750 authorization issue vulnerability (CNVD-2020-24409)url:https://www.cnvd.org.cn/patchInfo/show/215093
Trust: 0.6
title:TP-Link Archer A7 AC1750 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113018
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-24409 // 
            
            
            
            JVNDB: JVNDB-2020-003487 // 
            
            
            
            CNNVD: CNNVD-202003-1612

EXTERNAL IDS
db:NVDid:CVE-2020-10887
Trust: 3.7
db:ZDIid:ZDI-20-338
Trust: 3.1
db:JVNDBid:JVNDB-2020-003487
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-9663
Trust: 0.7
db:CNVDid:CNVD-2020-24409
Trust: 0.6
db:CNNVDid:CNNVD-202003-1612
Trust: 0.6
sources:
            
            
            ZDI: ZDI-20-338 // 
            
            
            
            CNVD: CNVD-2020-24409 // 
            
            
            
            JVNDB: JVNDB-2020-003487 // 
            
            
            
            CNNVD: CNNVD-202003-1612 // 
            
            
            
            NVD: CVE-2020-10887

REFERENCES
url:https://www.zerodayinitiative.com/advisories/zdi-20-338/
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2020-10887
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10887
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-003487 // 
            
            
            
            CNNVD: CNNVD-202003-1612 // 
            
            
            
            NVD: CVE-2020-10887

CREDITS
F-Secure Labs - Mark Barnes, Toby Drew, Max Van Amerongen, and James Loureiro
Trust: 0.7
sources:
            
            
            ZDI: ZDI-20-338

SOURCES
db:ZDIid:ZDI-20-338
db:CNVDid:CNVD-2020-24409
db:JVNDBid:JVNDB-2020-003487
db:CNNVDid:CNNVD-202003-1612
db:NVDid:CVE-2020-10887

LAST UPDATE DATE
2024-11-23T23:11:32.075000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-20-338date:2020-03-25T00:00:00
db:CNVDid:CNVD-2020-24409date:2020-04-23T00:00:00
db:JVNDBid:JVNDB-2020-003487date:2020-04-17T00:00:00
db:CNNVDid:CNNVD-202003-1612date:2022-07-01T00:00:00
db:NVDid:CVE-2020-10887date:2024-11-21T04:56:17.523

SOURCES RELEASE DATE
db:ZDIid:ZDI-20-338date:2020-03-25T00:00:00
db:CNVDid:CNVD-2020-24409date:2020-04-23T00:00:00
db:JVNDBid:JVNDB-2020-003487date:2020-04-17T00:00:00
db:CNNVDid:CNNVD-202003-1612date:2020-03-25T00:00:00
db:NVDid:CVE-2020-10887date:2020-03-25T21:15:12.387