ZDI-20-340: (Pwn2Own) TP-Link Archer A7 SSH Port Forwarding Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port forwarding requests during initial setup. The issue results from the lack of proper authentication prior to establishing SSH port forwarding rules. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the WAN interface.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TP-Link Archer A7 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-20-340?
The severity of ZDI-20-340 is considered critical due to its ability to bypass authentication on devices.
How do I fix ZDI-20-340?
To fix ZDI-20-340, update your TP-Link Archer A7 router to the latest firmware version provided by TP-Link.
Which devices are affected by ZDI-20-340?
ZDI-20-340 specifically affects TP-Link Archer A7 AC1750 routers.
What type of vulnerability is ZDI-20-340?
ZDI-20-340 is a remote authentication bypass vulnerability in TP-Link routers.
Can ZDI-20-340 be exploited remotely?
Yes, ZDI-20-340 can be exploited remotely without requiring authentication.
- agent/title
- agent/type
- agent/event
- agent/tags
- agent/softwarecombine
- collector/zdi-advisory
- alias/ZDI-20-340
- alias/ZDI-CAN-9664
- alias/CVE-2020-10888
- agent/software-canonical-lookup-request
- agent/references
- agent/severity
- agent/description
- vendor/tp-link
- canonical/tp-link archer a7 firmware