SB2020043018 - Privilege escalation in TP-Link TL-WA855RE
Published: April 30, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-10916)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists in "login.json" due to the lack of proper validation on first-time setup requests. A remote authenticated attacker on the local network can reset the password for the Admin account and execute arbitrary code in the context of the device.
Remediation
Install update from vendor's website.