Main Vulnerability Database SB2020043018

SB2020043018 - Privilege escalation in TP-Link TL-WA855RE

Published: April 30, 2020

Security Bulletin ID SB2020043018

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-10916)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists in "login.json" due to the lack of proper validation on first-time setup requests. A remote authenticated attacker on the local network can reset the password for the Admin account and execute arbitrary code in the context of the device.

Remediation

Install update from vendor's website.

References

https://www.zerodayinitiative.com/advisories/ZDI-20-553/