CVE-2020-24363

Опубликовано: 31 авг. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 8.3

EPSS Средний

Описание

TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password.

Ссылки

http://malwrforensics.com/en/2020/08/31/cve-2020-24363-tl-wa855re-v5-advisory/
Third Party Advisory
https://pastebin.com/VjHM4UiA
Third Party Advisory
https://www.tp-link.com/us/support/download/tl-wa855re/#Firmware
Product
http://malwrforensics.com/en/2020/08/31/cve-2020-24363-tl-wa855re-v5-advisory/
Third Party Advisory
https://pastebin.com/VjHM4UiA
Third Party Advisory
https://www.tp-link.com/us/support/download/tl-wa855re/#Firmware
Product
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-24363
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tp-link:tl-wa855re_firmware:*:*:*:*:*:*:*:*

Версия до 200731 (исключая)

cpe:2.3:h:tp-link:tl-wa855re:v5:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.1107

Средний

8.8 High

CVSS3

8.3 High

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-339j-xv49-q5p7