Vulnerability Name: CVE-2015-3035 (CCN-102194)
Assigned: 2015-02-19
Published: 2015-02-19
Updated: 2018-10-09

Summary: Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.

CVSS v3 Severity:
  5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
    Exploitability Metrics:
      Attack Vector (AV): Network
      Attack Complexity (AC): Low
      Privileges Required (PR): None
      User Interaction (UI): None
    Scope:
      Scope (S): Unchanged
    Impact Metrics:
      Confidentiality (C): Low
      Integrity (I): None
      Availability (A): None

CVSS v2 Severity:
  7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)
  5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Low
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): Complete
      Integrity (I): None
      Availability (A): None
  5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
  3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Low
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): Partial
      Integrity (I): None
      Availability (A): None
Vulnerability Type: CWE-22
Vulnerability Consequences: Obtain Information

References:
  Source: MITRE  Type: CNA
    CVE-2015-3035
  Source: MISC  Type: Exploit
    http://packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.html
  Source: CCN  Type: Full Disclosure Mailing List, Fri, 10 Apr 2015 13:45:03 +0200
    SEC Consult SA-20150410-0 :: Unauthenticated Local File Disclosure in multiple TP-LINK products (CVE-2015-3035)
  Source: FULLDISC  Type: Exploit
    20150410 SEC Consult SA-20150410-0 :: Unauthenticated Local File Disclosure in multiple TP-LINK products (CVE-2015-3035)
  Source: BUGTRAQ  Type: UNKNOWN
    20150410 SEC Consult SA-20150410-0 :: Unauthenticated Local File Disclosure in multiple TP-LINK products (CVE-2015-3035)
  Source: BID  Type: UNKNOWN
    74050
  Source: CONFIRM  Type: Patch
    http://www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmware
  Source: CONFIRM  Type: Patch
    http://www.tp-link.com/en/download/Archer-C7_V2.html#Firmware
  Source: CONFIRM  Type: Patch
    http://www.tp-link.com/en/download/Archer-C8_V1.html#Firmware
  Source: CONFIRM  Type: Patch
    http://www.tp-link.com/en/download/Archer-C9_V1.html#Firmware
  Source: CONFIRM  Type: Patch
    http://www.tp-link.com/en/download/TL-WDR3500_V1.html#Firmware
  Source: CONFIRM  Type: Patch
    http://www.tp-link.com/en/download/TL-WDR3600_V1.html#Firmware
  Source: CONFIRM  Type: Patch
    http://www.tp-link.com/en/download/TL-WDR4300_V1.html#Firmware
  Source: CONFIRM  Type: Patch
    http://www.tp-link.com/en/download/TL-WR740N_V5.html#Firmware
  Source: CONFIRM  Type: Patch
    http://www.tp-link.com/en/download/TL-WR741ND_V5.html#Firmware
  Source: CONFIRM  Type: Patch
    http://www.tp-link.com/en/download/TL-WR841ND_V9.html#Firmware
  Source: CONFIRM  Type: Patch
    http://www.tp-link.com/en/download/TL-WR841N_V9.html#Firmware
  Source: CCN  Type: TP-LINK Web site
    Welcome to TP-LINK
  Source: XF  Type: UNKNOWN
    tplink-cve20153035-dir-traversal(102194)
  Source: CCN  Type: Packet Storm Security [04-10-2015]
    TP-LINK Local File Disclosure
  Source: MISC  Type: Exploit
    https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150410-0_TP-Link_Unauthenticated_local_file_disclosure_vulnerability_v10.txt

Vulnerable Configuration:
  Configuration 1:
    cpe:/o:tp-link:tl-wr841n_(9.0)_firmware:*:*:*:*:*:*:*:*
    AND cpe:/h:tp-link:tl-wr841n_(9.0):*:*:*:*:*:*:*:*
  Configuration 2:
    cpe:/o:tp-link:tl-wr740n_(5.0)_firmware:*:*:*:*:*:*:*:* (Version <= 141217)
    AND cpe:/h:tp-link:tl-wr740n_(5.0):*:*:*:*:*:*:*:*
  Configuration 3:
    cpe:/o:tp-link:archer_c5_(1.2)_firmware:*:*:*:*:*:*:*:* (Version <= 141126)
    AND cpe:/h:tp-link:archer_c5_(1.2):*:*:*:*:*:*:*:*
  Configuration 4:
    cpe:/o:tp-link:tl-wr841n_(10.0)_firmware:*:*:*:*:*:*:*:*
    AND cpe:/h:tp-link:tl-wr841n_(10.0):*:*:*:*:*:*:*:*
  Configuration 5:
    cpe:/o:tp-link:tl-wr741nd_(5.0)_firmware:*:*:*:*:*:*:*:* (Version <= 141217)
    AND cpe:/h:tp-link:tl-wr741nd_(5.0):*:*:*:*:*:*:*:*
  Configuration 6:
    cpe:/o:tp-link:tl-wdr3600_(1.0)_firmware:*:*:*:*:*:*:*:* (Version <= 141022)
    AND cpe:/h:tp-link:tl-wdr3600_(1.0):*:*:*:*:*:*:*:*
  Configuration 7:
    cpe:/o:tp-link:archer_c7_(2.0)_firmware:*:*:*:*:*:*:*:* (Version <= 141110)
    AND cpe:/h:tp-link:archer_c7_(2.0):*:*:*:*:*:*:*:*
  Configuration 8:
    cpe:/o:tp-link:tl-wr841nd_(10.0)_firmware:150104:*:*:*:*:*:*:*
    AND cpe:/h:tp-link:tl-wr841nd_(10.0):*:*:*:*:*:*:*:*
  Configuration 9:
    cpe:/o:tp-link:archer_c9_(1.0)_firmware:*:*:*:*:*:*:*:* (Version <= 150122)
    AND cpe:/h:tp-link:archer_c9_(1.0):*:*:*:*:*:*:*:*
  Configuration 10:
    cpe:/o:tp-link:tl-wr841nd_(9.0)_firmware:*:*:*:*:*:*:*:* (Version <= 150104)
    AND cpe:/h:tp-link:tl-wr841nd_(9.0):*:*:*:*:*:*:*:*
  Configuration 11:
    cpe:/o:tp-link:archer_c8_(1.0)_firmware:*:*:*:*:*:*:*:* (Version <= 141023)
    AND cpe:/h:tp-link:archer_c8_(1.0):*:*:*:*:*:*:*:*
  Configuration 12:
    cpe:/o:tp-link:tl-wdr4300_(1.0)_firmware:*:*:*:*:*:*:*:* (Version <= 141113)
    AND cpe:/h:tp-link:tl-wdr4300_(1.0):*:*:*:*:*:*:*:*
  Configuration 13:
    cpe:/o:tp-link:tl-wdr3500_(1.0)_firmware:*:*:*:*:*:*:*:* (Version <= 141113)
    AND cpe:/h:tp-link:tl-wdr3500_(1.0):*:*:*:*:*:*:*:*

Denotes that component is vulnerable
tp-link tl-wr841n (9.0) firmware *
tp-link tl-wr841n (9.0) *
tp-link tl-wr740n (5.0) firmware *
tp-link tl-wr740n (5.0) *
tp-link archer c5 (1.2) firmware *
tp-link archer c5 (1.2) *
tp-link tl-wr841n (10.0) firmware *
tp-link tl-wr841n (10.0) *
tp-link tl-wr741nd (5.0) firmware *
tp-link tl-wr741nd (5.0) *
tp-link tl-wdr3600 (1.0) firmware *
tp-link tl-wdr3600 (1.0) *
tp-link archer c7 (2.0) firmware *
tp-link archer c7 (2.0) *
tp-link tl-wr841nd (10.0) firmware 150104
tp-link tl-wr841nd (10.0) *
tp-link archer c9 (1.0) firmware *
tp-link archer c9 (1.0) *
tp-link tl-wr841nd (9.0) firmware *
tp-link tl-wr841nd (9.0) *
tp-link archer c8 (1.0) firmware *
tp-link archer c8 (1.0) *
tp-link tl-wdr4300 (1.0) firmware *
tp-link tl-wdr4300 (1.0) *
tp-link tl-wdr3500 (1.0) firmware *
tp-link tl-wdr3500 (1.0) *