CVE-2015-3035 – TP-Link Multiple Archer Devices Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2015-3035
Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/. Vulnerabilidad de salto de directorio en TP-LINK Archer C5 (1.2) con firmware anterior a 150317, C7 (2.0) con firmware anterior a 150304, y C8 (1.0) con firmware anterior a 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), y TL-WDR4300 (1.0) con firmware anterior a 150302, TL-WR740N (5.0) y TL-WR741ND (5.0) con firmware anterior a 150312, y TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), y TL-WR841ND (10.0) con firmware anterior a 150310 permite a atacantes remotos leer ficheros arbitrarios a través de un .. (punto punto) en PATH_INFO en login/. Multiple TP-LINK products suffer from a local file disclosure vulnerability. • http://packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.html http://seclists.org/fulldisclosure/2015/Apr/26 http://www.securityfocus.com/archive/1/535240/100/0/threaded http://www.securityfocus.com/bid/74050 http://www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmware http://www.tp-link.com/en/download/Archer-C7_V2.html#Firmware http://www.tp-link.com/en/download/Archer-C8_V1.html#Firmware http://www.tp-link.com/en/download/Archer-C9_V1.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2012-6276 – TP-Link TL-WA701N / TL-WA701ND - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-6276
Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter. Vulnerabilidad de salto de directorio en el interfaz de gestión web del router TP-LINK TL-WR841N router con firmware v3.13.9 build 120201 Rel.54965n y anteriores, permite a atacantes remotos leer ficheros arbitrarios a través de un parámetro en la URL. • https://www.exploit-db.com/exploits/24504 http://www.kb.cert.org/vuls/id/185100 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2012-6316 – TP-LINK TL-WR841N 3.13.9 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2012-6316
Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm. Múltiples vulnerabilidades de XSS en el router TP-LINK TL-WR841N con firmware 3.13.9 Build 120201 Rel.54965n y anteriores permiten a administradores remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) username o (2) pwd en userRpm/NoipDdnsRpm.htm. TP-LINK TL-WR841N versions 3.13.9 Build 120201 Rel.54965n and below suffer from a cross site scripting vulnerability. • http://seclists.org/fulldisclosure/2012/Dec/93 http://www.securityfocus.com/bid/56602 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-5687 – TP-Link TL-WA701N / TL-WA701ND - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-5687
Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to the help/ URI. Una vulnerabilidad de salto de directorio en la función de administración web del Router TP-LINK TL-WR841N con firmware v3.13.9 build 120201 Rel.54965n y anteriores permite a atacantes remotos leer archivos de su elección a través de un .. (punto punto) en el PATH_INFO a la URI help/. • https://www.exploit-db.com/exploits/24504 http://archives.neohapsis.com/archives/bugtraq/2012-10/0154.html http://packetstormsecurity.org/files/117749/TP-LINK-TL-WR841N-Local-File-Inclusion.html https://exchange.xforce.ibmcloud.com/vulnerabilities/79662 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •