Lucene search

[email protected]NVD:CVE-2015-3035

HistoryApr 22, 2015 - 1:59 a.m.

CVE-2015-3035

2015-04-2201:59:02

CWE-22

[email protected]

web.nvd.nist.gov

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.878

Percentile

98.7%

JSON

Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a … (dot dot) in the PATH_INFO to login/.

Affected configurations

Nvd

Node

tp-linktl-wr841n_\(9.0\)_firmware

AND

tp-linktl-wr841n_\(9.0\)Match-

Node

tp-linktl-wr740n_\(5.0\)_firmwareRange≤141217

AND

tp-linktl-wr740n_\(5.0\)Match-

Node

tp-linkarcher_c5_\(1.2\)_firmwareRange≤141126

AND

tp-linkarcher_c5_\(1.2\)Match-

Node

tp-linktl-wr841n_\(10.0\)_firmware

AND

tp-linktl-wr841n_\(10.0\)Match-

Node

tp-linktl-wr741nd_\(5.0\)_firmwareRange≤141217

AND

tp-linktl-wr741nd_\(5.0\)Match-

Node

tp-linktl-wdr3600_\(1.0\)_firmwareRange≤141022

AND

tp-linktl-wdr3600_\(1.0\)Match-

Node

tp-linkarcher_c7_\(2.0\)_firmwareRange≤141110

AND

tp-linkarcher_c7_\(2.0\)Match-

Node

tp-linktl-wr841nd_\(10.0\)_firmwareMatch150104

AND

tp-linktl-wr841nd_\(10.0\)Match-

Node

tp-linkarcher_c9_\(1.0\)_firmwareRange≤150122

AND

tp-linkarcher_c9_\(1.0\)Match-

Node

tp-linktl-wr841nd_\(9.0\)_firmwareRange≤150104

AND

tp-linktl-wr841nd_\(9.0\)Match-

Node

tp-linkarcher_c8_\(1.0\)_firmwareRange≤141023

AND

tp-linkarcher_c8_\(1.0\)Match-

Node

tp-linktl-wdr4300_\(1.0\)_firmwareRange≤141113

AND

tp-linktl-wdr4300_\(1.0\)Match-

Node

tp-linktl-wdr3500_\(1.0\)_firmwareRange≤141113

AND

tp-linktl-wdr3500_\(1.0\)Match-

References

packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.html

seclists.org/fulldisclosure/2015/Apr/26

www.securityfocus.com/archive/1/535240/100/0/threaded

www.securityfocus.com/bid/74050

www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmware

www.tp-link.com/en/download/Archer-C7_V2.html#Firmware

www.tp-link.com/en/download/Archer-C8_V1.html#Firmware

www.tp-link.com/en/download/Archer-C9_V1.html#Firmware

www.tp-link.com/en/download/TL-WDR3500_V1.html#Firmware

www.tp-link.com/en/download/TL-WDR3600_V1.html#Firmware

www.tp-link.com/en/download/TL-WDR4300_V1.html#Firmware

www.tp-link.com/en/download/TL-WR740N_V5.html#Firmware

www.tp-link.com/en/download/TL-WR741ND_V5.html#Firmware

www.tp-link.com/en/download/TL-WR841ND_V9.html#Firmware

www.tp-link.com/en/download/TL-WR841N_V9.html#Firmware

www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150410-0_TP-Link_Unauthenticated_local_file_disclosure_vulnerability_v10.txt

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.878

Percentile

98.7%

JSON

Related for NVD:CVE-2015-3035

prion1 openvas2 nessus1 nuclei1 metasploit1 packetstorm2 securityvulns2 cvelist1 attackerkb1 cve1 cisa_kev1 rapid7blog1