First published: Sat Dec 26 2020(Updated: )
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
TP-Link TL-WA901ND Firmware | <3.16.9\(201211\)_beta | |
TP-Link TL-WA901N | ||
TP-Link Archer C5 Firmware | ||
TP-Link Archer C5 Firmware | ||
Tp-Link Archer C7 Firmware | ||
Tp-Link Archer C7 Firmware | ||
TP-Link MR3420 | ||
TP-Link MR3420 Firmware | ||
TP-Link MR6400 | ||
TP-Link MR6400 Firmware | ||
TP-Link WA701ND | ||
Tp-link Wa701nd Firmware | ||
TP-Link TL-WA801ND V1 Firmware | ||
TP-Link TL-WA801ND | ||
TP-Link WDR3500 Firmware | ||
TP-Link TL-WDR3500 | ||
TP-Link TL-WDR3600 Firmware | ||
TP-Link WDR3600 Firmware | ||
TP-Link WE843N Firmware | ||
TP-Link WE843N Firmware | ||
TP-Link TL-WR1043ND | ||
Tp-link Wr1043nd Firmware | ||
TP-Link WR1045ND | ||
TP-Link WR1045ND | ||
TP-Link TL-WR740N Firmware | ||
TP-Link TL-WR740N | ||
TP-Link WR741ND Firmware | ||
Tp-Link WR741ND Firmware | ||
TP-Link WR749N | ||
TP-Link WR749N | ||
TP-Link TL-WR802N Firmware | ||
TP-Link TL-WR802N | ||
Tp-link Tl-wr840n Firmware | ||
TP-LINK TL-WR840N | ||
TP-Link WR841HP Firmware | ||
TP-Link WR841HP Firmware | ||
TP-Link TL-WR841ND Firmware | ||
TP-Link TL-WR841N | ||
TP-Link WR842ND Firmware | ||
TP-Link WR842ND Firmware | ||
TP-Link WR842ND Firmware | ||
TP-Link WR842ND Firmware | ||
TP-Link WR845N Firmware | ||
TP-Link WR845N Firmware | ||
TP-Link WR940N | ||
TP-Link TL-WR940N | ||
TP-Link WR941HP | ||
TP-Link WR941HP Firmware | ||
TP-Link WR945N | ||
TP-Link WR945N Firmware | ||
TP-Link WR949N Firmware | ||
TP-Link WR949N Firmware | ||
TP-Link TL-WDR4300 | ||
TP-Link TL-WDR4300 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-35575 is a password-disclosure issue in the web interface on certain TP-Link devices that allows a remote attacker to gain full administrative access to the web panel.
TP-Link devices WA901ND, Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, and WR10 are affected by CVE-2020-35575.
CVE-2020-35575 has a severity rating of 9.8 (critical).
To fix CVE-2020-35575, update the firmware of the affected TP-Link devices to version 3.16.9(201211) beta or later.
More information about CVE-2020-35575 can be found at the following references: [1] http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html [2] https://pastebin.com/F8AuUdck [3] https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot(201211).zip