Lucene search
PRIOn knowledge basePRION:CVE-2020-10882HistoryMar 25, 2020 - 9:15 p.m.
Design/Logic Flaw
2020-03-2521:15:00
PRIOn knowledge base
www.prio-n.com
3
0.002 Low
EPSS
Percentile
57.4%
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. When parsing the slave_mac parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9650.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ac1750_firmware | eq | 190726 |
Related
cvelist
cvelist
CVE-2020-10882
2020-03-25 19:15:23
CVE-2020-28347
2020-11-08 20:00:39
zdi
zdi
nvd
nvd
CVE-2020-10882
2020-03-25 21:15:11
CVE-2020-28347
2020-11-08 20:15:11
cve
cve
CVE-2020-10882
2020-03-25 21:15:11
CVE-2020-28347
2020-11-08 20:15:11
prion
prion
Code injection
2020-11-08 20:15:00
checkpoint_advisories
checkpoint_advisories
zdt
zdt
TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution Exploit
2020-04-16 00:00:00
packetstorm
packetstorm
TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution
2020-04-15 00:00:00