Vulnerability Name: CVE-2020-35575 (CCN-193873)
Assigned: 2020-12-20
Published: 2020-12-20
Updated: 2021-09-07

Summary: A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.9 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): High
  Availability (A): High

9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): High
  Availability (A): High

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete
Vulnerability Consequences: Obtain Information

References:

Source: MITRE  Type: CNA
  CVE-2020-35575
Source: MISC  Type: Exploit, Third Party Advisory, VDB Entry
  http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html
Source: XF  Type: UNKNOWN
  tplink-cve202035575-info-disc(193873)
Source: CCN  Type: Packet Storm Security [06-24-2021]
  TP-Link TL-WR841N Command Injection
Source: CCN  Type: Pastebin Web site
  TP-Link devices
Source: MISC  Type: Third Party Advisory
  https://pastebin.com/F8AuUdck
Source: MISC  Type: Vendor Advisory
  https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot(201211).zip
Source: EXPLOIT-DB  Type: EXPLOIT
  Offensive Security Exploit Database [06-24-2021]
Source: CCN  Type: TP-Link Web site
  TP-Link
Source: MISC  Type: Vendor Advisory
  https://www.tp-link.com/us/security

Vulnerable Configuration:

Configuration 1: cpe:/o:tp-link:wa901nd_firmware:*:*:*:*:*:*:*:* (Version < 3.16.9(201211)_beta) AND cpe:/h:tp-link:wa901nd:-:*:*:*:*:*:*:*
Configuration 2: cpe:/o:tp-link:archer_c5_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:archer_c5:-:*:*:*:*:*:*:*
Configuration 3: cpe:/o:tp-link:archer_c7_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:archer_c7:-:*:*:*:*:*:*:*
Configuration 4: cpe:/o:tp-link:mr3420_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:mr3420:-:*:*:*:*:*:*:*
Configuration 5: cpe:/o:tp-link:mr6400_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:mr6400:-:*:*:*:*:*:*:*
Configuration 6: cpe:/o:tp-link:wa701nd_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:wa701nd:-:*:*:*:*:*:*:*
Configuration 7: cpe:/o:tp-link:wa801nd_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:wa801nd:-:*:*:*:*:*:*:*
Configuration 8: cpe:/o:tp-link:wdr3500_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:wdr3500:-:*:*:*:*:*:*:*
Configuration 9: cpe:/o:tp-link:wdr3600_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:wdr3600:-:*:*:*:*:*:*:*
Configuration 10: cpe:/o:tp-link:we843n_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:we843n:-:*:*:*:*:*:*:*
Configuration 11: cpe:/o:tp-link:wr1043nd_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:wr1043nd:-:*:*:*:*:*:*:*
Configuration 12: cpe:/o:tp-link:wr1045nd_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:wr1045nd:-:*:*:*:*:*:*:*
Configuration 13: cpe:/o:tp-link:wr740n_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:wr740n:-:*:*:*:*:*:*:*
Configuration 14: cpe:/o:tp-link:wr741nd_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:wr741nd:-:*:*:*:*:*:*:*
Configuration 15: cpe:/o:tp-link:wr749n_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:wr749n:-:*:*:*:*:*:*:*
Configuration 16: cpe:/o:tp-link:wr802n_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:wr802n:-:*:*:*:*:*:*:*
Configuration 17: cpe:/o:tp-link:wr840n_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:wr840n:-:*:*:*:*:*:*:*
Configuration 18: cpe:/o:tp-link:wr841hp_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:wr841hp:-:*:*:*:*:*:*:*
Configuration 19: cpe:/o:tp-link:wr841n_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:wr841n:-:*:*:*:*:*:*:*
Configuration 20: cpe:/o:tp-link:wr842n_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:wr842n:-:*:*:*:*:*:*:*
Configuration 21: cpe:/o:tp-link:wr842nd_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:wr842nd:-:*:*:*:*:*:*:*
Configuration 22: cpe:/o:tp-link:wr845n_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:wr845n:-:*:*:*:*:*:*:*
Configuration 23: cpe:/o:tp-link:wr940n_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:wr940n:-:*:*:*:*:*:*:*
Configuration 24: cpe:/o:tp-link:wr941hp_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:wr941hp:-:*:*:*:*:*:*:*
Configuration 25: cpe:/o:tp-link:wr945n_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:wr945n:-:*:*:*:*:*:*:*
Configuration 26: cpe:/o:tp-link:wr949n_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:wr949n:-:*:*:*:*:*:*:*
Configuration 27: cpe:/o:tp-link:wrd4300_firmware:-:*:*:*:*:*:*:* AND cpe:/h:tp-link:wrd4300:-:*:*:*:*:*:*:*
Configuration CCN 1: cpe:/h:tp-link:tl-wr940n:-:*:*:*:*:*:*:* OR cpe:/h:tp-link:tl-wr840n:-:*:*:*:*:*:*:* OR cpe:/h:tp-link:tl-wr841n:-:*:*:*:*:*:*:* OR cpe:/h:tp-link:archer_c7:-:*:*:*:*:*:*:* OR cpe:/h:tp-link:mr3420:-:*:*:*:*:*:*:* OR cpe:/h:tp-link:mr6400:-:*:*:*:*:*:*:* OR cpe:/h:tp-link:wa701nd:-:*:*:*:*:*:*:* OR cpe:/h:tp-link:wa801nd:-:*:*:*:*:*:*:* OR cpe:/h:tp-link:wdr3500:-:*:*:*:*:*:*:* OR cpe:/h:tp-link:wdr3600:-:*:*:*:*:*:*:*
tp-link wa901nd firmware *
tp-link wa901nd -
tp-link archer c5 firmware -
tp-link archer c5 -
tp-link archer c7 firmware -
tp-link archer c7 -
tp-link mr3420 firmware -
tp-link mr3420 -
tp-link mr6400 firmware -
tp-link mr6400 -
tp-link wa701nd firmware -
tp-link wa701nd -
tp-link wa801nd firmware -
tp-link wa801nd -
tp-link wdr3500 firmware -
tp-link wdr3500 -
tp-link wdr3600 firmware -
tp-link wdr3600 -
tp-link we843n firmware -
tp-link we843n -
tp-link wr1043nd firmware -
tp-link wr1043nd -
tp-link wr1045nd firmware -
tp-link wr1045nd -
tp-link wr740n firmware -
tp-link wr740n -
tp-link wr741nd firmware -
tp-link wr741nd -
tp-link wr749n firmware -
tp-link wr749n -
tp-link wr802n firmware -
tp-link wr802n -
tp-link wr840n firmware -
tp-link wr840n -
tp-link wr841hp firmware -
tp-link wr841hp -
tp-link wr841n firmware -
tp-link wr841n -
tp-link wr842n firmware -
tp-link wr842n -
tp-link wr842nd firmware -
tp-link wr842nd -
tp-link wr845n firmware -
tp-link wr845n -
tp-link wr940n firmware -
tp-link wr940n -
tp-link wr941hp firmware -
tp-link wr941hp -
tp-link wr945n firmware -
tp-link wr945n -
tp-link wr949n firmware -
tp-link wr949n -
tp-link wrd4300 firmware -
tp-link wrd4300 -
tp-link tl-wr940n -
tp-link tl-wr840n -
tp-link tl-wr841n -
tp-link archer c7 -
tp-link mr3420 -
tp-link mr6400 -
tp-link wa701nd -
tp-link wa801nd -
tp-link wdr3500 -
tp-link wdr3600 -