critical
9.8
Advisory Published
Updated

CVE-2020-35575

First published: Sat Dec 26 2020(Updated: )

A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
TP-Link TL-WA901ND Firmware<3.16.9\(201211\)_beta
TP-Link TL-WA901N
TP-Link Archer C5 Firmware
TP-Link Archer C5 Firmware
Tp-Link Archer C7 Firmware
Tp-Link Archer C7 Firmware
TP-Link MR3420
TP-Link MR3420 Firmware
TP-Link MR6400
TP-Link MR6400 Firmware
TP-Link WA701ND
Tp-link Wa701nd Firmware
TP-Link TL-WA801ND V1 Firmware
TP-Link TL-WA801ND
TP-Link WDR3500 Firmware
TP-Link TL-WDR3500
TP-Link TL-WDR3600 Firmware
TP-Link WDR3600 Firmware
TP-Link WE843N Firmware
TP-Link WE843N Firmware
TP-Link TL-WR1043ND
Tp-link Wr1043nd Firmware
TP-Link WR1045ND
TP-Link WR1045ND
TP-Link TL-WR740N Firmware
TP-Link TL-WR740N
TP-Link WR741ND Firmware
Tp-Link WR741ND Firmware
TP-Link WR749N
TP-Link WR749N
TP-Link TL-WR802N Firmware
TP-Link TL-WR802N
Tp-link Tl-wr840n Firmware
TP-LINK TL-WR840N
TP-Link WR841HP Firmware
TP-Link WR841HP Firmware
TP-Link TL-WR841ND Firmware
TP-Link TL-WR841N
TP-Link WR842ND Firmware
TP-Link WR842ND Firmware
TP-Link WR842ND Firmware
TP-Link WR842ND Firmware
TP-Link WR845N Firmware
TP-Link WR845N Firmware
TP-Link WR940N
TP-Link TL-WR940N
TP-Link WR941HP
TP-Link WR941HP Firmware
TP-Link WR945N
TP-Link WR945N Firmware
TP-Link WR949N Firmware
TP-Link WR949N Firmware
TP-Link TL-WDR4300
TP-Link TL-WDR4300

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2020-35575?

    CVE-2020-35575 is a password-disclosure issue in the web interface on certain TP-Link devices that allows a remote attacker to gain full administrative access to the web panel.

  • Which TP-Link devices are affected by CVE-2020-35575?

    TP-Link devices WA901ND, Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, and WR10 are affected by CVE-2020-35575.

  • How severe is CVE-2020-35575?

    CVE-2020-35575 has a severity rating of 9.8 (critical).

  • How can I fix CVE-2020-35575?

    To fix CVE-2020-35575, update the firmware of the affected TP-Link devices to version 3.16.9(201211) beta or later.

  • Where can I find more information about CVE-2020-35575?

    More information about CVE-2020-35575 can be found at the following references: [1] http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html [2] https://pastebin.com/F8AuUdck [3] https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot(201211).zip

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203