9.8

CVE-2020-28877

Buffer overflow in in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tp-linkWdr7400 Firmware Version-
   Tp-linkWdr7400 Version-
Tp-linkWdr7500 Firmware Version-
   Tp-linkWdr7500 Version-
Tp-linkWdr7660 Firmware Version-
   Tp-linkWdr7660 Version-
Tp-linkWdr7800 Firmware Version-
   Tp-linkWdr7800 Version-
Tp-linkWdr8400 Firmware Version-
   Tp-linkWdr8400 Version-
Tp-linkWdr8500 Firmware Version-
   Tp-linkWdr8500 Version-
Tp-linkWdr8600 Firmware Version-
   Tp-linkWdr8600 Version-
Tp-linkWdr8620 Firmware Version-
   Tp-linkWdr8620 Version-
Tp-linkWdr8640 Firmware Version-
   Tp-linkWdr8640 Version-
Tp-linkWdr8660 Firmware Version-
   Tp-linkWdr8660 Version-
Tp-linkWr880n Firmware Version-
   Tp-linkWr880n Version-
Tp-linkWr886n Firmware Version-
   Tp-linkWr886n Version-
Tp-linkWr890n Firmware Version-
   Tp-linkWr890n Version-
Tp-linkWr890n Firmware Version-
   Tp-linkWr890n Version-
Tp-linkWr882n Firmware Version-
   Tp-linkWr882n Version-
Tp-linkWr708n Firmware Version-
   Tp-linkWr708n Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.46% 0.612
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.