CVE-2020-28877

high-risk
Published 2020-11-20

Buffer overflow in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR882N, and WR708N.

Do I need to act?

EPSS score: 0.46% chance of exploitation (low exploit probability)
CISA KEV: Not on CISA KEV list. No confirmed active exploitation reported to CISA.
Patch status: unknown. Check vendor advisories for fix availability and mitigation guidance.
CVSS: 9.8/10 Critical (NETWORK / LOW complexity)

Affected Products (15)

WDR7400 Firmware
WDR7500 Firmware
WDR7660 Firmware
WDR7800 Firmware
WDR8400 Firmware
WDR8500 Firmware
WDR8600 Firmware
WDR8620 Firmware
WDR8640 Firmware
WDR8660 Firmware
WR880N Firmware
WR886N Firmware
WR890N Firmware
WR882N Firmware
WR708N Firmware

Affected Vendors

52 / 100 · high-risk
Severity 32/34 · Critical
Exploitability 2/34 · Minimal
Exposure 18/34 · Moderate