Main Vulnerability Database Vulnerabilities #VU27462

Permissions, Privileges, and Access Controls in TL-WA855RE - CVE-2020-10916

Published: April 30, 2020

Vulnerability identifier: #VU27462

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-10916

CWE-ID: CWE-264

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
TL-WA855RE

Software vendor:
TP-Link

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists in "login.json" due to the lack of proper validation on first-time setup requests. A remote authenticated attacker on the local network can reset the password for the Admin account and execute arbitrary code in the context of the device.

Remediation

Install updates from vendor's website.

External links

https://www.zerodayinitiative.com/advisories/ZDI-20-553/

Permissions, Privileges, and Access Controls in TL-WA855RE - CVE-2020-10916

Description

Remediation

External links

Please verify you're human