HIGH🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2015-3035

CVSS 7.5v3.1pub. 2015-04-22upd. 2026-04-21

Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Tp Link Archer C5

    HW
    Tp-Link
    1.20
  • Tp Link Archer C5 Firmware

    OS
    Tp-Link
    < 150317
  • Tp Link Archer C7

    HW
    Tp-Link
    2
  • Tp Link Archer C7 Firmware

    OS
    Tp-Link
    < 150304
  • Tp Link Archer C8

    HW
    Tp-Link
    1
  • Tp Link Archer C8 Firmware

    OS
    Tp-Link
    < 150316
  • Tp Link Archer C9

    HW
    Tp-Link
    1
  • Tp Link Archer C9 Firmware

    OS
    Tp-Link
    < 150302
  • Tp Link Tl Wdr3500

    HW
    Tp-Link
    1
  • Tp Link Tl Wdr3500 Firmware

    OS
    Tp-Link
    < 150302
  • Tp Link Tl Wdr3600

    HW
    Tp-Link
    1
  • Tp Link Tl Wdr3600 Firmware

    OS
    Tp-Link
    < 150302
  • Tp Link Tl Wdr4300

    HW
    Tp-Link
    1
  • Tp Link Tl Wdr4300 Firmware

    OS
    Tp-Link
    < 150302
  • Tp Link Tl Wr740n

    HW
    Tp-Link
    5
  • Tp Link Tl Wr740n Firmware

    OS
    Tp-Link
    < 150312
  • Tp Link Tl Wr741nd

    HW
    Tp-Link
    5
  • Tp Link Tl Wr741nd Firmware

    OS
    Tp-Link
    < 150312
  • Tp Link Tl Wr841n

    HW
    Tp-Link
    109
  • Tp Link Tl Wr841nd

    HW
    Tp-Link
    109
  • Tp Link Tl Wr841nd Firmware

    OS
    Tp-Link
    < 150310
  • Tp Link Tl Wr841n Firmware

    OS
    Tp-Link
    < 150310

CISA KEV — detailsi

Vendori
TP-Link
Producti
Multiple Archer Devices
Added to KEVi
March 25, 2022
Remediation deadline (US Federal)i
April 15, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 15 kwietnia 2022
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2022-4498CRITICAL9.8ten sam produkt

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Auth...

CVE-2022-25073CRITICAL9.8ten sam produkt

TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr...

CVE-2020-35575CRITICAL9.8ten sam produkt

A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get fu...

CVE-2013-4654CRITICAL9.8ten sam produkt

Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND..

CVE-2018-12575CRITICAL9.8ten sam produkt

On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web i...