CVE-2015-3035: TP-Link Multiple Archer Devices Directory Traversal Vulnerability
First published: Fri Apr 17 2015(Updated: )
Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TP-Link Archer | ||
| All of | ||
| TP-Link TL-WR841N | ||
| TP-Link TL-WR841N | ||
| All of | ||
| Tp-link Tl-wr740n (5.0) Firmware | <=141217 | |
| TP-Link TL-WR740N | ||
| All of | ||
| Tp-link Archer C5 Firmware | <=141126 | |
| TP-Link Archer C5 (1.2) | ||
| All of | ||
| Tp-link Tl-wr841n (10.0) Firmware | ||
| TP-Link TL-WR841N | ||
| All of | ||
| Tp-link Tl-wr741nd Firmware | <=141217 | |
| TP-Link TL-WR741ND | ||
| All of | ||
| Tp-link Tl-wdr3600 (1.0) Firmware | <=141022 | |
| TP-Link TL-WDR3600 | ||
| All of | ||
| Tp-link Archer C7 Firmware | <=141110 | |
| TP-Link Archer C7 (2.0) | ||
| All of | ||
| Tp-link Tl-wr841nd (10.0) Firmware | =150104 | |
| TP-Link TL-WR841ND (10.0) | ||
| All of | ||
| Tp-link Archer C9 (1.0) Firmware | <=150122 | |
| TP-Link Archer C9 (1.0) | ||
| All of | ||
| Tp-link Tl-wr841nd (9.0) Firmware | <=150104 | |
| TP-Link TL-WR841ND (9.0) | ||
| All of | ||
| Tp-link Archer C8 (1.0) Firmware | <=141023 | |
| TP-Link Archer C8 | ||
| All of | ||
| Tp-link Tl-wdr4300 Firmware | <=141113 | |
| TP-Link TL-WDR4300 | ||
| All of | ||
| Tp-link Tl-wdr3500 (1.0) Firmware | <=141113 | |
| TP-Link TL-WDR3500 (1.0) | ||
| TP-Link TL-WR841N | ||
| TP-Link TL-WR841N | ||
| Tp-link Tl-wr740n (5.0) Firmware | <=141217 | |
| TP-Link TL-WR740N | ||
| Tp-link Archer C5 Firmware | <=141126 | |
| TP-Link Archer C5 (1.2) | ||
| Tp-link Tl-wr841n (10.0) Firmware | ||
| TP-Link TL-WR841N | ||
| Tp-link Tl-wr741nd Firmware | <=141217 | |
| TP-Link TL-WR741ND | ||
| Tp-link Tl-wdr3600 (1.0) Firmware | <=141022 | |
| TP-Link TL-WDR3600 | ||
| Tp-link Archer C7 Firmware | <=141110 | |
| TP-Link Archer C7 (2.0) | ||
| Tp-link Tl-wr841nd (10.0) Firmware | =150104 | |
| TP-Link TL-WR841ND (10.0) | ||
| Tp-link Archer C9 (1.0) Firmware | <=150122 | |
| TP-Link Archer C9 (1.0) | ||
| Tp-link Tl-wr841nd (9.0) Firmware | <=150104 | |
| TP-Link TL-WR841ND (9.0) | ||
| Tp-link Archer C8 (1.0) Firmware | <=141023 | |
| TP-Link Archer C8 | ||
| Tp-link Tl-wdr4300 Firmware | <=141113 | |
| TP-Link TL-WDR4300 | ||
| Tp-link Tl-wdr3500 (1.0) Firmware | <=141113 | |
| TP-Link TL-WDR3500 (1.0) | ||
| All of | ||
| All of | ||
| <=141217 | ||
| All of | ||
| <=141126 | ||
| All of | ||
| All of | ||
| <=141217 | ||
| All of | ||
| <=141022 | ||
| All of | ||
| <=141110 | ||
| All of | ||
| =150104 | ||
| All of | ||
| <=150122 | ||
| All of | ||
| <=150104 | ||
| All of | ||
| <=141023 | ||
| All of | ||
| <=141113 | ||
| All of | ||
| <=141113 | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.html
- http://seclists.org/fulldisclosure/2015/Apr/26
- http://www.securityfocus.com/archive/1/535240/100/0/threaded
- http://www.securityfocus.com/bid/74050
- http://www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmware
- http://www.tp-link.com/en/download/Archer-C7_V2.html#Firmware
- http://www.tp-link.com/en/download/Archer-C8_V1.html#Firmware
- http://www.tp-link.com/en/download/Archer-C9_V1.html#Firmware
- http://www.tp-link.com/en/download/TL-WDR3500_V1.html#Firmware
- http://www.tp-link.com/en/download/TL-WDR3600_V1.html#Firmware
- http://www.tp-link.com/en/download/TL-WDR4300_V1.html#Firmware
- http://www.tp-link.com/en/download/TL-WR740N_V5.html#Firmware
- http://www.tp-link.com/en/download/TL-WR741ND_V5.html#Firmware
- http://www.tp-link.com/en/download/TL-WR841ND_V9.html#Firmware
- http://www.tp-link.com/en/download/TL-WR841N_V9.html#Firmware
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150410-0_TP-Link_Unauthenticated_local_file_disclosure_vulnerability_v10.txt
- https://nvd.nist.gov/vuln/detail/CVE-2015-3035
Frequently Asked Questions
What is the severity of CVE-2015-3035?
CVE-2015-3035 has been classified with a high severity rating due to its potential to allow directory traversal attacks.
How do I fix CVE-2015-3035?
To mitigate CVE-2015-3035, update the firmware of affected TP-Link devices to the latest version that resolves this vulnerability.
What devices are affected by CVE-2015-3035?
CVE-2015-3035 impacts several TP-Link Archer and TL-WR devices with specific firmware versions prior to the recommended updates.
Can CVE-2015-3035 be exploited remotely?
Yes, CVE-2015-3035 can be exploited remotely by an attacker with knowledge of the vulnerability and proper techniques.
What are the potential impacts of CVE-2015-3035?
Exploitation of CVE-2015-3035 can lead to unauthorized access to sensitive files on the affected TP-Link devices.
- agent/type
- agent/description
- agent/title
- agent/remedy
- agent/weakness
- agent/author
- agent/severity
- agent/first-publish-date
- agent/references
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- collector/nvd-api
- collector/nvd-index
- vendor/tp-link
- canonical/tp-link archer
- canonical/tp-link tl-wr841n
- canonical/tp-link tl-wr740n (5.0) firmware
- version/tp-link tl-wr740n (5.0) firmware/141217
- canonical/tp-link tl-wr740n
- canonical/tp-link archer c5 firmware
- version/tp-link archer c5 firmware/141126
- canonical/tp-link archer c5 (1.2)
- canonical/tp-link tl-wr841n (10.0) firmware
- canonical/tp-link tl-wr741nd firmware
- version/tp-link tl-wr741nd firmware/141217
- canonical/tp-link tl-wr741nd
- canonical/tp-link tl-wdr3600 (1.0) firmware
- version/tp-link tl-wdr3600 (1.0) firmware/141022
- canonical/tp-link tl-wdr3600
- canonical/tp-link archer c7 firmware
- version/tp-link archer c7 firmware/141110
- canonical/tp-link archer c7 (2.0)
- canonical/tp-link tl-wr841nd (10.0) firmware
- version/tp-link tl-wr841nd (10.0) firmware/150104
- canonical/tp-link tl-wr841nd (10.0)
- canonical/tp-link archer c9 (1.0) firmware
- version/tp-link archer c9 (1.0) firmware/150122
- canonical/tp-link archer c9 (1.0)
- canonical/tp-link tl-wr841nd (9.0) firmware
- version/tp-link tl-wr841nd (9.0) firmware/150104
- canonical/tp-link tl-wr841nd (9.0)
- canonical/tp-link archer c8 (1.0) firmware
- version/tp-link archer c8 (1.0) firmware/141023
- canonical/tp-link archer c8
- canonical/tp-link tl-wdr4300 firmware
- version/tp-link tl-wdr4300 firmware/141113
- canonical/tp-link tl-wdr4300
- canonical/tp-link tl-wdr3500 (1.0) firmware
- version/tp-link tl-wdr3500 (1.0) firmware/141113
- canonical/tp-link tl-wdr3500 (1.0)