Main Vulnerability Database Vulnerabilities #VU26408

Protection Mechanism Failure in Archer A7 - CVE-2020-10887

Published: March 26, 2020

Vulnerability identifier: #VU26408

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2020-10887

CWE-ID: CWE-693

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: TP-Link

Affected software:
Archer A7

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures within the handling of IPv6 connections. An attacker can bypass implemented security restrictions andexecute arbitrary code on the system.

How to mitigate CVE-2020-10887

Install updates from vendor's website.

Sources

https://www.zerodayinitiative.com/advisories/ZDI-20-338/

Protection Mechanism Failure in Archer A7 - CVE-2020-10887

Detailed vulnerability description

How to mitigate CVE-2020-10887

Sources

Please verify you're human