From c6b832fd2664d9b7e47debe45cb4a12dc23a6981 Mon Sep 17 00:00:00 2001 From: Jonathan Evans Date: Thu, 26 Mar 2020 08:52:58 -0400 Subject: [PATCH] Update CVE-2020-10887.json --- 2020/10xxx/CVE-2020-10887.json | 126 ++++++++++++++++----------------- 1 file changed, 62 insertions(+), 64 deletions(-) diff --git a/2020/10xxx/CVE-2020-10887.json b/2020/10xxx/CVE-2020-10887.json index 00604c8e831..01339225611 100644 --- a/2020/10xxx/CVE-2020-10887.json +++ b/2020/10xxx/CVE-2020-10887.json @@ -1,69 +1,67 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2020-10887", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Archer A7", - "version": { - "version_data": [ - { - "version_value": "Firmware Ver: 190726" - } - ] - } - } - ] - }, - "vendor_name": "TP-Link" - } - ] - } - }, - "credit": "F-Secure Labs - Mark Barnes, Toby Drew, Max Van Amerongen, and James Loureiro", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9663." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2020-10887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Archer A7", + "version": { + "version_data": [ { - "lang": "eng", - "value": "CWE-693: Protection Mechanism Failure" + "version_value": "Firmware Ver: 190726" } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-338/", - "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-338/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" + ] + } + } + ] + }, + "vendor_name": "TP-Link" } + ] } -} \ No newline at end of file + }, + "credit": "F-Secure Labs - Mark Barnes, Toby Drew, Max Van Amerongen, and James Loureiro", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9663." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-693: Protection Mechanism Failure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-338/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + } +}