CVE-2020-10883

MEDIUM Year: 2020
CVSS v3 Score
5.3
Medium
CVSS v2 Score
4.6
Medium
Weakness Type
CWE-732
View all →

Vulnerability Description

This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the file system. The issue lies in the lack of proper permissions set on the file system. An attacker can leverage this vulnerability to escalate privileges. Was ZDI-CAN-9651.

Related Vulnerabilities

CVE-2011-2515

MEDIUM
CVSS:5.3(Medium)

PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.

CWE-7322011

CVE-2011-4912

MEDIUM
CVSS:5.3(Medium)

Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass.

CWE-7322011

CVE-2016-11062

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed.

CWE-7322016

CVE-2017-0423

MEDIUM
CVSS:5.3(Medium)

An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitati...

CWE-7322017

CVE-2017-15906

MEDIUM
CVSS:5.3(Medium)

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

CWE-7322017

CVE-2017-16754

MEDIUM
CVSS:5.3(Medium)

Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php.

CWE-7322017