CVE-2020-10884

Exploit

EPSS 29%
Published 25.03.2020 21:15:12
Last modified 21.11.2024 04:56:17
Source zdi-disclosures@trendmicro.com
Teams watchlist Login
Open Login

This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. This issue results from the use of hard-coded encryption key. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9652.

Affected products Warnungen 0 Metrics 4 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Tp-link ≫ Ac1750 Firmware Version190726

Tp-link ≫ Ac1750 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	29%	0.964

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5.8	6.5	6.4	AV:A/AC:L/Au:N/C:P/I:P/A:P
zdi-disclosures@trendmicro.com	8.1	2.8	5.2	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-321 Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

http://packetstormsecurity.com/files/157255/TP-Link-Archer-A7-C7-Unauthenticated-LAN-Remote-Code-Execution.html

Third Party Advisory

Exploit

VDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-20-336/

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2020-10884

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-10884

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-10884

EUVD