CVE-2020-5797

Description


UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router.

References


Exploit

Third Party Advisory

CvssV3 impact


BaseSeverity: MEDIUM
ConfidentialityImpact: HIGH
AttackComplexity: LOW
Scope: UNCHANGED
AttackVector: PHYSICAL
AvailabilityImpact: NONE
IntegrityImpact: HIGH
PrivilegesRequired: NONE
BaseScore: 6.1
VectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
UserInteraction: NONE

CvssV2 impact


AccessComplexity: LOW
ConfidentialityImpact: PARTIAL
AvailabilityImpact: NONE
IntegrityImpact: PARTIAL
BaseScore: 3.6
VectorString: AV:L/AC:L/Au:N/C:P/I:P/A:N
Version: 2.0
AccessVector: LOCAL
Authentication: NONE