Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv2

CVE-2015-3035

Published: 22/04/2015 Updated: 09/10/2018
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 695
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Subscribe to Tl-wr841n \(9.0\) Firmware

Vulnerability Summary

Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware prior to 150317, C7 (2.0) with firmware prior to 150304, and C8 (1.0) with firmware prior to 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware prior to 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware prior to 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware prior to 150310 allows remote malicious users to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.

Vulnerable Product Search on Vulmon Subscribe to Product

tp-link tl-wr841n_\\(9.0\\)_firmware

tp-link tl-wr740n_\\(5.0\\)_firmware

tp-link archer_c5_\\(1.2\\)_firmware

tp-link tl-wr841n_\\(10.0\\)_firmware

tp-link tl-wr741nd_\\(5.0\\)_firmware

tp-link tl-wr741nd_\\(5.0\\)

tp-link tl-wdr3600_\\(1.0\\)_firmware

tp-link archer_c7_\\(2.0\\)_firmware

tp-link tl-wr841nd_\\(10.0\\)_firmware 150104

tp-link archer_c9_\\(1.0\\)_firmware

tp-link tl-wr841nd_\\(9.0\\)_firmware

tp-link archer_c8_\\(1.0\\)_firmware

tp-link tl-wdr4300_\\(1.0\\)_firmware

tp-link tl-wdr3500_\\(1.0\\)_firmware

Exploits

Exploit DB: TP-LINK Local File Disclosure
Multiple TP-LINK products suffer from a local file disclosure vulnerability ...

References

CWE-22https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150410-0_TP-Link_Unauthenticated_local_file_disclosure_vulnerability_v10.txthttp://www.tp-link.com/en/download/TL-WDR3600_V1.html#Firmwarehttp://seclists.org/fulldisclosure/2015/Apr/26http://www.tp-link.com/en/download/TL-WDR4300_V1.html#Firmwarehttp://packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.htmlhttp://www.tp-link.com/en/download/Archer-C9_V1.html#Firmwarehttp://www.tp-link.com/en/download/TL-WDR3500_V1.html#Firmwarehttp://www.tp-link.com/en/download/TL-WR841N_V9.html#Firmwarehttp://www.tp-link.com/en/download/Archer-C8_V1.html#Firmwarehttp://www.tp-link.com/en/download/TL-WR741ND_V5.html#Firmwarehttp://www.tp-link.com/en/download/TL-WR740N_V5.html#Firmwarehttp://www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmwarehttp://www.tp-link.com/en/download/TL-WR841ND_V9.html#Firmwarehttp://www.tp-link.com/en/download/Archer-C7_V2.html#Firmwarehttp://www.securityfocus.com/bid/74050http://www.securityfocus.com/archive/1/535240/100/0/threadedhttps://nvd.nist.govhttps://packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook