Authentication Bypass in TP-Link USB Network Server TL-PS310U
CVE-2020-15055

8.8HIGH

Key Information:

Vendor: Tp-link
Status: Tl-ps310u Firmware
Vendor: CVE Published:; 7 August 2020

Summary

The TP-Link USB Network Server TL-PS310U has a design flaw that allows an attacker on the same network to exploit the web administration interface. By sending a request that omits a password parameter, unauthorized access can be achieved, making it critical for users to ensure the device is updated to version 2.079.000.t0210 or later to mitigate this risk.

References

https://research.hisolutions.com/2020/05/critical-vulnera...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 7, 2020
Vulnerability Reserved
Jun 25, 2020