Main Vulnerability Database Exploits ID:9088 - Exploit for Path traversal in TP-Link products - CVE-2015-3035

ID:9088 - Exploit for Path traversal in TP-Link products - CVE-2015-3035

Published: June 5, 2023

Vulnerability identifier: #VU57185

Vulnerability risk: Medium

CVE-ID: CVE-2015-3035

CWE-ID: CWE-22

Exploitation vector: Remote access

Vulnerable software:
Archer C9
Archer C5
Archer C7
Archer C8
TL-WDR3500
TL-WDR3600
TL-WDR4300
TL-WR740N
TL-WR741ND
TL-WR841N
TL-WR841ND

Link to public exploit:

https://www.rapid7.com/db/modules/auxiliary/gather/tplink_archer_c7_traversal

Vulnerability description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.

Remediation

Install update from vendor's website.

ID:9088 - Exploit for Path traversal in TP-Link products - CVE-2015-3035

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human