CVE-2020-10916

TP-Link TL-WA855RE login.json Improper Authentication Privilege Escalation Vulnerability

  • Severity Score (CVSS v3.1): 8.0
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 0
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the first-time setup process. The issue results from the lack of proper validation on first-time setup requests. An attacker can leverage this vulnerability to reset the password for the Admin account and execute code in the context of the device. Was ZDI-CAN-10003.

This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Wi-Fi extenders, Firmware versions: 855rev4-up-ver1-0-1-P1[20191213-rel60361]. Although authentication is required to exploit this vulnerability, the authentication mechanism can be bypassed. The specific flaw exists within the first-time setup process. The issue results from a lack of proper validation of a first-time setup request. An attacker can leverage this vulnerability to reset the password of the Administrator account and execute code in the context of the device. Was ZDI-CAN-10003.

This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the first-time setup process. The issue results from the lack of proper validation on first-time setup requests. An attacker can leverage this vulnerability to reset the password for the Admin account and execute code in the context of the device.

*Credits: Anonymous
CVSS Scores
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Authentication: Single
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2020-03-24 CVE Reserved
  • 2020-04-28 CVE Published
  • 2024-05-14 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
CAPEC
References (1)
Affected Vendors, Products, and Versions

| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Tp-link | Tl-wa855re Firmware | 190408 | - | Affected |
| in Tp-link | Tl-wa855re | v4 | - | Safe |
| Tp-link | Tl-wa855re Firmware | 191213 | - | Affected |
| in Tp-link | Tl-wa855re | v4 | - | Safe |