{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T22:22:06.745","vulnerabilities":[{"cve":{"id":"CVE-2020-10916","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2020-05-07T23:15:11.577","lastModified":"2024-11-21T04:56:21.810","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the first-time setup process. The issue results from the lack of proper validation on first-time setup requests. An attacker can leverage this vulnerability to reset the password for the Admin account and execute code in the context of the device. Was ZDI-CAN-10003."},{"lang":"es","value":"Esta vulnerabilidad permite a atacantes adyacentes a la red escalar privilegios en las instalaciones afectadas de Extensores de Wi-Fi TP-Link TL-WA855RE versiones de Firmware: 855rev4-up-ver1-0-1-P1[20191213-rel60361]. Aunque es requerida una autenticación para explotar esta vulnerabilidad, puede ser omitido el mecanismo de autenticación. El fallo específico se presenta dentro del proceso de configuración por primera vez. El problema resulta de una falta de comprobación apropiada en una petición de configuración por primera vez. Un atacante puede aprovechar esta vulnerabilidad para restablecer la contraseña de la cuenta del Administrador y ejecutar el código en el contexto del dispositivo. Fue ZDI-CAN-10003."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}],"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:S/C:P/I:P/A:P","baseScore":5.2,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":5.1,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tp-link:tl-wa855re_firmware:190408:*:*:*:*:*:*:*","matchCriteriaId":"BC478A2E-5E99-4879-ACE4-221791DC6772"},{"vulnerable":true,"criteria":"cpe:2.3:o:tp-link:tl-wa855re_firmware:191213:*:*:*:*:*:*:*","matchCriteriaId":"B08B46BF-FC4D-4C3C-B882-809701E9BC47"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tp-link:tl-wa855re:v4:*:*:*:*:*:*:*","matchCriteriaId":"4FF0EB36-D263-4877-A17F-2211CCD0DB56"}]}]}],"references":[{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-553/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-553/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}}]}