Lucene search

[email protected]CVE-2020-10883

HistoryMar 25, 2020 - 9:15 p.m.

CVE-2020-10883

2020-03-2521:15:12

CWE-732

[email protected]

web.nvd.nist.gov

108

cve-2020-10883

tp-link archer a7

firmware ver: 190726

ac1750

privilege escalation

vulnerability

local attacker

file system

zdi-can-9651

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.4%

JSON

This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the file system. The issue lies in the lack of proper permissions set on the file system. An attacker can leverage this vulnerability to escalate privileges. Was ZDI-CAN-9651.

Affected configurations

Vulners

NVD

Node

tp-linkarcher_a7Range≤190726

CPENameOperatorVersion
tp-link:ac1750_firmwaretp-link ac1750 firmwareeq190726

CPE	Name	Operator	Version
tp-link:ac1750_firmware	tp-link ac1750 firmware	eq	190726

CNA Affected

[
  {
    "product": "Archer A7",
    "vendor": "TP-Link",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware Ver: 190726"
      }
    ]
  }
]