CVE-2020-10884 HIGH

CVE-2020-10884

Vendor Tp-Link
Product Archer A7
Weakness CWE-321
Published March 25, 2020
Last update August 4, 2024

CVSS base score

8.1/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. This issue results from the use of hard-coded encryption key. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9652.

Key dates

02Disclosure timeline

March 25, 2020 CVE published
August 4, 2024 Record updated