CVE-2015-3035

TP-Link Multiple Archer Devices Directory Traversal Vulnerability

  • Severity Score: 7.8 (CVSS v2)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 3 (Multiple Sources)
  • Exploited in Wild: Yes (KEV)
  • Decision: - (SSVC)

Descriptions

Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.

Multiple TP-LINK products suffer from a local file disclosure vulnerability.

Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2015-04-08 CVE Reserved
  • 2015-04-10 CVE Published
  • 2022-03-25 Exploited in Wild
  • 2022-04-15 KEV Due Date
  • 2024-07-17 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Tp-link | Tl-wr841n (9.0) Firmware | * | - | Affected |
| in Tp-link | Tl-wr841n (9.0) | * | - | Safe |
| Tp-link | Tl-wr740n (5.0) Firmware | <= 141217 | - | Affected |
| in Tp-link | Tl-wr740n (5.0) | * | - | Safe |
| Tp-link | Archer C5 (1.2) Firmware | <= 141126 | - | Affected |
| in Tp-link | Archer C5 (1.2) | * | - | Safe |
| Tp-link | Tl-wr841n (10.0) Firmware | * | - | Affected |
| in Tp-link | Tl-wr841n (10.0) | * | - | Safe |
| Tp-link | Tl-wr741nd (5.0) Firmware | <= 141217 | - | Affected |
| in Tp-link | Tl-wr741nd (5.0) | * | - | Affected |
| Tp-link | Tl-wdr3600 (1.0) Firmware | <= 141022 | - | Affected |
| in Tp-link | Tl-wdr3600 (1.0) | * | - | Safe |
| Tp-link | Archer C7 (2.0) Firmware | <= 141110 | - | Affected |
| in Tp-link | Archer C7 (2.0) | * | - | Safe |
| Tp-link | Tl-wr841nd (10.0) Firmware | 150104 | - | Affected |
| in Tp-link | Tl-wr841nd (10.0) | * | - | Safe |
| Tp-link | Archer C9 (1.0) Firmware | <= 150122 | - | Affected |
| in Tp-link | Archer C9 (1.0) | * | - | Safe |
| Tp-link | Tl-wr841nd (9.0) Firmware | <= 150104 | - | Affected |
| in Tp-link | Tl-wr841nd (9.0) | * | - | Safe |
| Tp-link | Archer C8 (1.0) Firmware | <= 141023 | - | Affected |
| in Tp-link | Archer C8 (1.0) | * | - | Safe |
| Tp-link | Tl-wdr4300 (1.0) Firmware | <= 141113 | - | Affected |
| in Tp-link | Tl-wdr4300 (1.0) | * | - | Safe |
| Tp-link | Tl-wdr3500 (1.0) Firmware | <= 141113 | - | Affected |
| in Tp-link | Tl-wdr3500 (1.0) | * | - | Safe |