Описание
passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511.
Ссылки
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:tp-link:archer_c9_\(2.0\)_firmware:160517:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_c9_\(2.0\):-:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.13243
Средний
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-335
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511.
EPSS
Процентиль: 94%
0.13243
Средний
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-335