CVE-2015-3035
HIGH
7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
HIGH
7,8
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: complete
Integrity: none
Availability: none
Description
AI Translation Available
Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,9286
Percentile
1,0th
Updated
EPSS Score Trend (Last 90 Days)
22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
StableCommon Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Modify Files Or Directories
Read Files Or Directories
Dos: Crash, Exit, Or Restart
Applicable Platforms
Technologies:
AI/ML
Operating System
Tl-Wr841N \(9.0\) Firmware by Tp-Link
CPE Identifier
View Detailed Analysis
cpe:2.3:o:tp-link:tl-wr841n_\(9.0\)_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Tl-Wr841Nd \(10.0\) Firmware by Tp-Link
CPE Identifier
View Detailed Analysis
cpe:2.3:o:tp-link:tl-wr841nd_\(10.0\)_firmware:150104:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Tl-Wr841Nd \(9.0\) Firmware by Tp-Link
Version Range Affected
To
150104
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:tp-link:tl-wr841nd_\(9.0\)_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Archer C7 \(2.0\) Firmware by Tp-Link
Version Range Affected
To
141110
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:tp-link:archer_c7_\(2.0\)_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Tl-Wr740N \(5.0\) Firmware by Tp-Link
Version Range Affected
To
141217
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:tp-link:tl-wr740n_\(5.0\)_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Archer C5 \(1.2\) Firmware by Tp-Link
Version Range Affected
To
141126
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:tp-link:archer_c5_\(1.2\)_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Tl-Wr741Nd \(5.0\) Firmware by Tp-Link
Version Range Affected
To
141217
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:tp-link:tl-wr741nd_\(5.0\)_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Archer C9 \(1.0\) Firmware by Tp-Link
Version Range Affected
To
150122
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:tp-link:archer_c9_\(1.0\)_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Archer C8 \(1.0\) Firmware by Tp-Link
Version Range Affected
To
141023
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:tp-link:archer_c8_\(1.0\)_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Tl-Wdr4300 \(1.0\) Firmware by Tp-Link
Version Range Affected
To
141113
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:tp-link:tl-wdr4300_\(1.0\)_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Tl-Wr841N \(10.0\) Firmware by Tp-Link
CPE Identifier
View Detailed Analysis
cpe:2.3:o:tp-link:tl-wr841n_\(10.0\)_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Hardware
Tl-Wr741Nd \(5.0\) by Tp-Link
CPE Identifier
View Detailed Analysis
cpe:2.3:h:tp-link:tl-wr741nd_\(5.0\):-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Tl-Wdr3600 \(1.0\) Firmware by Tp-Link
Version Range Affected
To
141022
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:tp-link:tl-wdr3600_\(1.0\)_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Tl-Wdr3500 \(1.0\) Firmware by Tp-Link
Version Range Affected
To
141113
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:tp-link:tl-wdr3500_\(1.0\)_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015…
http://packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.html
http://seclists.org/fulldisclosure/2015/Apr/26
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150410…
http://www.securityfocus.com/archive/1/535240/100/0/threaded
http://www.securityfocus.com/bid/74050
http://www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmware
http://www.tp-link.com/en/download/Archer-C7_V2.html#Firmware
http://www.tp-link.com/en/download/Archer-C8_V1.html#Firmware
http://www.tp-link.com/en/download/Archer-C9_V1.html#Firmware
http://www.tp-link.com/en/download/TL-WDR3500_V1.html#Firmware
http://www.tp-link.com/en/download/TL-WDR3600_V1.html#Firmware
http://www.tp-link.com/en/download/TL-WDR4300_V1.html#Firmware
http://www.tp-link.com/en/download/TL-WR740N_V5.html#Firmware
http://www.tp-link.com/en/download/TL-WR741ND_V5.html#Firmware
http://www.tp-link.com/en/download/TL-WR841ND_V9.html#Firmware
http://www.tp-link.com/en/download/TL-WR841N_V9.html#Firmware
http://packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.html
http://seclists.org/fulldisclosure/2015/Apr/26
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150410…
http://www.securityfocus.com/archive/1/535240/100/0/threaded
http://www.securityfocus.com/bid/74050
http://www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmware
http://www.tp-link.com/en/download/Archer-C7_V2.html#Firmware
http://www.tp-link.com/en/download/Archer-C8_V1.html#Firmware
http://www.tp-link.com/en/download/Archer-C9_V1.html#Firmware
http://www.tp-link.com/en/download/TL-WDR3500_V1.html#Firmware
http://www.tp-link.com/en/download/TL-WDR3600_V1.html#Firmware
http://www.tp-link.com/en/download/TL-WDR4300_V1.html#Firmware
http://www.tp-link.com/en/download/TL-WR740N_V5.html#Firmware
http://www.tp-link.com/en/download/TL-WR741ND_V5.html#Firmware
http://www.tp-link.com/en/download/TL-WR841ND_V9.html#Firmware
http://www.tp-link.com/en/download/TL-WR841N_V9.html#Firmware