How severe is CVE-2020-10916?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2020-10916?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2020-10916 - HIGH Severity | CVSS 8

Vulnerability Description

This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the first-time setup process. The issue results from the lack of proper validation on first-time setup requests. An attacker can leverage this vulnerability to reset the password for the Admin account and execute code in the context of the device. Was ZDI-CAN-10003.

Related Vulnerabilities

CVE-2020-18305

HIGH

CVSS:8.0(High)

Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escala...

CWE-2872020

CVE-2021-41503

HIGH

CVSS:8.0(High)

DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise th...

CWE-2872021

CVE-2025-27254

HIGH

CVSS:8.0(High)

Improper Authentication vulnerability in GE Vernova EnerVista UR Setup allows Authentication Bypass. The software's startup authentication can be disabled by altering a Windows registry setting that a...

CWE-2872025

CVE-2014-0927

HIGH

CVSS:8.1(High)

The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to bypass authentication by leveraging knowledge of the port ...

CWE-2872014

CVE-2014-3999

HIGH

CVSS:8.1(High)

The Horde_Ldap library before 2.0.6 for Horde allows remote attackers to bypass authentication by leveraging knowledge of the LDAP bind user DN.

CWE-2872014

CVE-2015-0102

HIGH

CVSS:8.1(High)

IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission wit...

CWE-2872015