Path traversal in TP-Link products - CVE-2015-3035
Published: October 11, 2021 / Updated: June 5, 2023
Vulnerability identifier: #VU57185
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2015-3035
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: TP-Link
Affected software:
Archer C9
Archer C5
Archer C7
Archer C8
TL-WDR3500
TL-WDR3600
TL-WDR4300
TL-WR740N
TL-WR741ND
TL-WR841ND
TL-WR841N
Archer C9
Archer C5
Archer C7
Archer C8
TL-WDR3500
TL-WDR3600
TL-WDR4300
TL-WR740N
TL-WR741ND
TL-WR841ND
TL-WR841N
Detailed vulnerability description
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
How to mitigate CVE-2015-3035
Install update from vendor's website.
Sources
- http://packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.html
- http://seclists.org/fulldisclosure/2015/Apr/26
- http://www.securityfocus.com/archive/1/535240/100/0/threaded
- http://www.securityfocus.com/bid/74050
- http://www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmware
- http://www.tp-link.com/en/download/Archer-C7_V2.html#Firmware
- http://www.tp-link.com/en/download/Archer-C8_V1.html#Firmware
- http://www.tp-link.com/en/download/Archer-C9_V1.html#Firmware
- http://www.tp-link.com/en/download/TL-WDR3500_V1.html#Firmware
- http://www.tp-link.com/en/download/TL-WDR3600_V1.html#Firmware
- http://www.tp-link.com/en/download/TL-WDR4300_V1.html#Firmware
- http://www.tp-link.com/en/download/TL-WR740N_V5.html#Firmware
- http://www.tp-link.com/en/download/TL-WR741ND_V5.html#Firmware
- http://www.tp-link.com/en/download/TL-WR841N_V9.html#Firmware
- http://www.tp-link.com/en/download/TL-WR841ND_V9.html#Firmware
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150410-0_TP-Link_Unauthenticated_local_file_disclosure_vulnerability_v10.txt