CVE-2015-3035
HIGH
7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
HIGH
7,8
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: complete
Integrity: none
Availability: none
Description
AI Translation Available
Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,9286
Percentile
1,0th
Updated
EPSS Score Trend (Last 75 Days)
22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
StableCommon Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Modify Files Or Directories
Read Files Or Directories
Dos: Crash, Exit, Or Restart
Applicable Platforms
Technologies:
AI/ML
Operating System
Archer C7 Firmware by Tp-Link
Version Range Affected
To
150304
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:tp-link:archer_c7_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Tl-Wdr3500 Firmware by Tp-Link
Version Range Affected
To
150302
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:tp-link:tl-wdr3500_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Archer C5 Firmware by Tp-Link
Version Range Affected
To
150317
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:tp-link:archer_c5_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Tl-Wr741Nd Firmware by Tp-Link
Version Range Affected
To
150312
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:tp-link:tl-wr741nd_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Tl-Wr841Nd Firmware by Tp-Link
Version Range Affected
To
150310
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:tp-link:tl-wr841nd_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Tl-Wr740N Firmware by Tp-Link
Version Range Affected
To
150312
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:tp-link:tl-wr740n_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Tl-Wdr3600 Firmware by Tp-Link
Version Range Affected
To
150302
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:tp-link:tl-wdr3600_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Tl-Wr841N Firmware by Tp-Link
Version Range Affected
To
150310
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:tp-link:tl-wr841n_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Archer C9 Firmware by Tp-Link
Version Range Affected
To
150302
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:tp-link:archer_c9_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Archer C8 Firmware by Tp-Link
Version Range Affected
To
150316
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:tp-link:archer_c8_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Tl-Wdr4300 Firmware by Tp-Link
Version Range Affected
To
150302
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:tp-link:tl-wdr4300_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015…
http://packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.html
http://seclists.org/fulldisclosure/2015/Apr/26
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150410…
http://www.securityfocus.com/archive/1/535240/100/0/threaded
http://www.securityfocus.com/bid/74050
http://www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmware
http://www.tp-link.com/en/download/Archer-C7_V2.html#Firmware
http://www.tp-link.com/en/download/Archer-C8_V1.html#Firmware
http://www.tp-link.com/en/download/Archer-C9_V1.html#Firmware
http://www.tp-link.com/en/download/TL-WDR3500_V1.html#Firmware
http://www.tp-link.com/en/download/TL-WDR3600_V1.html#Firmware
http://www.tp-link.com/en/download/TL-WDR4300_V1.html#Firmware
http://www.tp-link.com/en/download/TL-WR740N_V5.html#Firmware
http://www.tp-link.com/en/download/TL-WR741ND_V5.html#Firmware
http://www.tp-link.com/en/download/TL-WR841ND_V9.html#Firmware
http://www.tp-link.com/en/download/TL-WR841N_V9.html#Firmware
http://packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.html
http://seclists.org/fulldisclosure/2015/Apr/26
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150410…
http://www.securityfocus.com/archive/1/535240/100/0/threaded
http://www.securityfocus.com/bid/74050
http://www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmware
http://www.tp-link.com/en/download/Archer-C7_V2.html#Firmware
http://www.tp-link.com/en/download/Archer-C8_V1.html#Firmware
http://www.tp-link.com/en/download/Archer-C9_V1.html#Firmware
http://www.tp-link.com/en/download/TL-WDR3500_V1.html#Firmware
http://www.tp-link.com/en/download/TL-WDR3600_V1.html#Firmware
http://www.tp-link.com/en/download/TL-WDR4300_V1.html#Firmware
http://www.tp-link.com/en/download/TL-WR740N_V5.html#Firmware
http://www.tp-link.com/en/download/TL-WR741ND_V5.html#Firmware
http://www.tp-link.com/en/download/TL-WR841ND_V9.html#Firmware
http://www.tp-link.com/en/download/TL-WR841N_V9.html#Firmware