Exploited
7.8
CWE
22
Advisory Published
Updated

CVE-2015-3035: TP-Link Multiple Archer Devices Directory Traversal Vulnerability

First published: Fri Apr 17 2015(Updated: )

Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.

Credit: cve@mitre.org cve@mitre.org

Affected SoftwareAffected VersionHow to fix
All of
Tp-link Tl-wr841n \(9.0\) Firmware
Tp-link Tl-wr841n \(9.0\)
All of
Tp-link Tl-wr740n \(5.0\) Firmware<=141217
Tp-link Tl-wr740n \(5.0\)
All of
Tp-link Archer C5 \(1.2\) Firmware<=141126
Tp-link Archer C5 \(1.2\)
All of
Tp-link Tl-wr841n \(10.0\) Firmware
Tp-link Tl-wr841n \(10.0\)
All of
Tp-link Tl-wr741nd \(5.0\) Firmware<=141217
Tp-link Tl-wr741nd \(5.0\)
All of
Tp-link Tl-wdr3600 \(1.0\) Firmware<=141022
Tp-link Tl-wdr3600 \(1.0\)
All of
Tp-link Archer C7 \(2.0\) Firmware<=141110
Tp-link Archer C7 \(2.0\)
All of
Tp-link Tl-wr841nd \(10.0\) Firmware=150104
Tp-link Tl-wr841nd \(10.0\)
All of
Tp-link Archer C9 \(1.0\) Firmware<=150122
Tp-link Archer C9 \(1.0\)
All of
Tp-link Tl-wr841nd \(9.0\) Firmware<=150104
Tp-link Tl-wr841nd \(9.0\)
All of
Tp-link Archer C8 \(1.0\) Firmware<=141023
Tp-link Archer C8 \(1.0\)
All of
Tp-link Tl-wdr4300 \(1.0\) Firmware<=141113
Tp-link Tl-wdr4300 \(1.0\)
All of
Tp-link Tl-wdr3500 \(1.0\) Firmware<=141113
Tp-link Tl-wdr3500 \(1.0\)
Tp-link Tl-wr841n \(9.0\) Firmware
Tp-link Tl-wr841n \(9.0\)
Tp-link Tl-wr740n \(5.0\) Firmware<=141217
Tp-link Tl-wr740n \(5.0\)
Tp-link Archer C5 \(1.2\) Firmware<=141126
Tp-link Archer C5 \(1.2\)
Tp-link Tl-wr841n \(10.0\) Firmware
Tp-link Tl-wr841n \(10.0\)
Tp-link Tl-wr741nd \(5.0\) Firmware<=141217
Tp-link Tl-wr741nd \(5.0\)
Tp-link Tl-wdr3600 \(1.0\) Firmware<=141022
Tp-link Tl-wdr3600 \(1.0\)
Tp-link Archer C7 \(2.0\) Firmware<=141110
Tp-link Archer C7 \(2.0\)
Tp-link Tl-wr841nd \(10.0\) Firmware=150104
Tp-link Tl-wr841nd \(10.0\)
Tp-link Archer C9 \(1.0\) Firmware<=150122
Tp-link Archer C9 \(1.0\)
Tp-link Tl-wr841nd \(9.0\) Firmware<=150104
Tp-link Tl-wr841nd \(9.0\)
Tp-link Archer C8 \(1.0\) Firmware<=141023
Tp-link Archer C8 \(1.0\)
Tp-link Tl-wdr4300 \(1.0\) Firmware<=141113
Tp-link Tl-wdr4300 \(1.0\)
Tp-link Tl-wdr3500 \(1.0\) Firmware<=141113
Tp-link Tl-wdr3500 \(1.0\)
TP-Link Multiple Archer Devices
All of
All of
<=141217
All of
<=141126
All of
All of
<=141217
All of
<=141022
All of
<=141110
All of
=150104
All of
<=150122
All of
<=150104
All of
<=141023
All of
<=141113
All of
<=141113

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203