Tp-Link Archer A7 vulnerabilities
8 known vulnerabilities affecting tp-link/archer_a7.
Total CVEs
8
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL5HIGH3
Vulnerabilities
Page 1 of 1
CVE-2020-10884P2HIGHCVSS 8.8PoCvFirmware Ver: 1907262020-03-25
CVE-2020-10884 [HIGH] CWE-321 CVE-2020-10884: This vulnerability allows network-adjacent attackers execute arbitrary code on affected installation
This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. This issue results from the use
nvd
CVE-2020-10883P3HIGHCVSS 7.8PoCvFirmware Ver: 1907262020-03-25
CVE-2020-10883 [HIGH] CWE-732 CVE-2020-10883: This vulnerability allows local attackers to escalate privileges on affected installations of TP-Lin
This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the file system. The issue lies in the
nvd
CVE-2020-10881P2CRITICALCVSS 9.8vFirmware Ver: 1907262020-03-25
CVE-2020-10881 [CRITICAL] CWE-121 CVE-2020-10881: This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-
nvd
CVE-2020-10885P2CRITICALCVSS 9.8vFirmware Ver: 1907262020-03-25
CVE-2020-10885 [CRITICAL] CWE-20 CVE-2020-10885: This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of DNS reponses pri
nvd
CVE-2020-10886P2CRITICALCVSS 9.8vFirmware Ver: 1907262020-03-25
CVE-2020-10886 [CRITICAL] CWE-78 CVE-2020-10886: This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tmpServer service, which listens on TCP port 20002. The issue results from the lack of proper valid
nvd
CVE-2020-10888P2CRITICALCVSS 9.8vFirmware Ver: 1907262020-03-25
CVE-2020-10888 [CRITICAL] CWE-287 CVE-2020-10888: This vulnerability allows remote attackers to bypass authentication on affected installations of TP-
This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port forwarding requests during initial setup. The issue results from the lack of p
nvd
CVE-2020-10887P2CRITICALCVSS 9.8vFirmware Ver: 1907262020-03-25
CVE-2020-10887 [CRITICAL] CWE-693 CVE-2020-10887: This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware
This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can l
nvd
CVE-2021-27245P3HIGHCVSS 8.1vprior to Archer C7(US)_V5_210125 and Archer A7(US)_V5_2002202021-03-29
CVE-2021-27245 [HIGH] CWE-693 CVE-2021-27245: This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to
This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7(US)_V5_210125 and Archer A7(US)_V5_200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv
nvd