How severe is CVE-2020-10888?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2020-10888?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2020-10888 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port forwarding requests during initial setup. The issue results from the lack of proper authentication prior to establishing SSH port forwarding rules. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the WAN interface. Was ZDI-CAN-9664.

Related Vulnerabilities

CVE-2013-3096

MEDIUM

CVSS:5.9(Medium)

D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking" vulnerability.

CWE-2872013

CVE-2013-5123

MEDIUM

CVSS:5.9(Medium)

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

CWE-2872013

CVE-2014-10067

MEDIUM

CVSS:5.9(Medium)

paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacke...

CWE-2872014

CVE-2016-2124

MEDIUM

CVSS:5.9(Medium)

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

CWE-2872016

CVE-2017-12196

MEDIUM

CVSS:5.9(Medium)

undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header match...

CWE-2872017

CVE-2017-14117

MEDIUM

CVSS:5.9(Medium)

The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remo...

CWE-2872017