CVE-2015-3035

TP-Link Multiple Archer Devices Directory Traversal Vulnerability

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

5
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

Act
*SSVC
Descriptions

Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.

Multiple TP-LINK products suffer from a local file disclosure vulnerability.

Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.

*Credits: N/A
CVSS Scores
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Attack Vector: Network
Attack Complexity: Low
Authentication: None
Confidentiality: Complete
Integrity: None
Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: Act
  • Exploitation: Active
  • Automatable: Yes
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2015-04-08 CVE Reserved
  • 2015-04-10 CVE Published
  • 2015-04-10 First Exploit
  • 2022-03-25 Exploited in Wild
  • 2022-04-15 KEV Due Date
  • 2025-02-04 CVE Updated
  • 2025-03-30 EPSS Updated
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Tp-link | Tl-wr841n (9.0) Firmware | * | - | Affected |
| in Tp-link | Tl-wr841n (9.0) | * | - | Safe |
| Tp-link | Tl-wr740n (5.0) Firmware | <= 141217 | - | Affected |
| in Tp-link | Tl-wr740n (5.0) | * | - | Safe |
| Tp-link | Archer C5 (1.2) Firmware | <= 141126 | - | Affected |
| in Tp-link | Archer C5 (1.2) | * | - | Safe |
| Tp-link | Tl-wr841n (10.0) Firmware | * | - | Affected |
| in Tp-link | Tl-wr841n (10.0) | * | - | Safe |
| Tp-link | Tl-wr741nd (5.0) Firmware | <= 141217 | - | Affected |
| in Tp-link | Tl-wr741nd (5.0) | * | - | Affected |
| Tp-link | Tl-wdr3600 (1.0) Firmware | <= 141022 | - | Affected |
| in Tp-link | Tl-wdr3600 (1.0) | * | - | Safe |
| Tp-link | Archer C7 (2.0) Firmware | <= 141110 | - | Affected |
| in Tp-link | Archer C7 (2.0) | * | - | Safe |
| Tp-link | Tl-wr841nd (10.0) Firmware | 150104 | - | Affected |
| in Tp-link | Tl-wr841nd (10.0) | * | - | Safe |
| Tp-link | Archer C9 (1.0) Firmware | <= 150122 | - | Affected |
| in Tp-link | Archer C9 (1.0) | * | - | Safe |
| Tp-link | Tl-wr841nd (9.0) Firmware | <= 150104 | - | Affected |
| in Tp-link | Tl-wr841nd (9.0) | * | - | Safe |
| Tp-link | Archer C8 (1.0) Firmware | <= 141023 | - | Affected |
| in Tp-link | Archer C8 (1.0) | * | - | Safe |
| Tp-link | Tl-wdr4300 (1.0) Firmware | <= 141113 | - | Affected |
| in Tp-link | Tl-wdr4300 (1.0) | * | - | Safe |
| Tp-link | Tl-wdr3500 (1.0) Firmware | <= 141113 | - | Affected |
| in Tp-link | Tl-wdr3500 (1.0) | * | - | Safe |