CVE-2020-10916
TP-Link TL-WA855RE login.json Improper Authentication Privilege Escalation Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the first-time setup process. The issue results from the lack of proper validation on first-time setup requests. An attacker can leverage this vulnerability to reset the password for the Admin account and execute code in the context of the device. Was ZDI-CAN-10003.
SSVC
- Decision: -
Timeline
- 2020-03-24 CVE Reserved
- 2020-04-28 CVE Published
- 2024-05-14 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
References (1)
URL | Tag | Source |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-20-553 | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Tp-link | Tl-wa855re Firmware | 190408 | - | Affected | in | Tp-link | Tl-wa855re | v4 | - | Safe |
Tp-link | Tl-wa855re Firmware | 191213 | - | Affected | in | Tp-link | Tl-wa855re | v4 | - | Safe |