First published: Sat Dec 26 2020(Updated: )
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Tp-link Wa901nd Firmware | <3.16.9\(201211\)_beta | |
Tp-link Wa901nd | ||
Tp-link Archer C5 Firmware | ||
TP-Link Archer C5 | ||
Tp-link Archer C7 Firmware | ||
TP-Link Archer C7 | ||
Tp-link Mr3420 Firmware | ||
Tp-link Mr3420 | ||
Tp-link Mr6400 Firmware | ||
Tp-link Mr6400 | ||
Tp-link Wa701nd Firmware | ||
Tp-link Wa701nd | ||
Tp-link Wa801nd Firmware | ||
Tp-link Wa801nd | ||
Tp-link Wdr3500 Firmware | ||
Tp-link Wdr3500 | ||
Tp-link Wdr3600 Firmware | ||
Tp-link Wdr3600 | ||
Tp-link We843n Firmware | ||
Tp-link We843n | ||
Tp-link Wr1043nd Firmware | ||
Tp-link Wr1043nd | ||
Tp-link Wr1045nd Firmware | ||
Tp-link Wr1045nd | ||
Tp-link Wr740n Firmware | ||
TP-Link TL-WR740N V6 | ||
Tp-link Wr741nd Firmware | ||
Tp-link Wr741nd | ||
Tp-link Wr749n Firmware | ||
Tp-link Wr749n | ||
Tp-link Wr802n Firmware | ||
Tp-link Wr802n | ||
Tp-link Wr840n Firmware | ||
TP-Link WR840N | ||
Tp-link Wr841hp Firmware | ||
Tp-link Wr841hp | ||
Tp-link Wr841n Firmware | ||
Tp-link Wr841n | ||
Tp-link Wr842n Firmware | ||
Tp-link Wr842n | ||
Tp-link Wr842nd Firmware | ||
Tp-link Wr842nd | ||
Tp-link Wr845n Firmware | ||
TP-Link TL-WR845N | ||
Tp-link Wr940n Firmware | ||
TP-Link WR940N | ||
Tp-link Wr941hp Firmware | ||
Tp-link Wr941hp | ||
Tp-link Wr945n Firmware | ||
Tp-link Wr945n | ||
Tp-link Wr949n Firmware | ||
Tp-link Wr949n | ||
Tp-link Wrd4300 Firmware | ||
Tp-link Wrd4300 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-35575 is a password-disclosure issue in the web interface on certain TP-Link devices that allows a remote attacker to gain full administrative access to the web panel.
TP-Link devices WA901ND, Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, and WR10 are affected by CVE-2020-35575.
CVE-2020-35575 has a severity rating of 9.8 (critical).
To fix CVE-2020-35575, update the firmware of the affected TP-Link devices to version 3.16.9(201211) beta or later.
More information about CVE-2020-35575 can be found at the following references: [1] http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html [2] https://pastebin.com/F8AuUdck [3] https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot(201211).zip