CVE-2020-10916

Name of the Vulnerable Software and Affected Versions TP-Link TL-WA855RE Firmware version 855rev4-up-ver1-0-1-P1[20191213-rel60361]

Description This issue allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Wi-Fi extenders. Although authentication is required to exploit this issue, the existing authentication mechanism can be bypassed. The specific flaw exists within the first-time setup process due to the lack of proper validation on first-time setup requests. An attacker can leverage this issue to reset the password for the Admin account and execute code in the context of the device.

Recommendations For TP-Link TL-WA855RE Firmware version 855rev4-up-ver1-0-1-P1[20191213-rel60361], as a temporary workaround, consider restricting access to the first-time setup process until a patch is available. Avoid using the vulnerable first-time setup feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.