CVE-2015-3035

CVSS V2 High 7.8 CVSS V3 None
Description
Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
Overview
  • CVE ID
  • CVE-2015-3035
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2015-04-22T01:59:02
  • Last Modified Date
  • 2018-10-09T19:56:39
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:tp-link:tl-wr841n_\(9.0\)_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:tp-link:tl-wr841n_\(9.0\):*:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:tp-link:tl-wr740n_\(5.0\)_firmware:*:*:*:*:*:*:*:* 1 OR 141217
cpe:2.3:h:tp-link:tl-wr740n_\(5.0\):*:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:tp-link:archer_c5_\(1.2\)_firmware:*:*:*:*:*:*:*:* 1 OR 141126
cpe:2.3:h:tp-link:archer_c5_\(1.2\):*:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:tp-link:tl-wr841n_\(10.0\)_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:tp-link:tl-wr841n_\(10.0\):*:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:tp-link:tl-wr741nd_\(5.0\)_firmware:*:*:*:*:*:*:*:* 1 OR 141217
cpe:2.3:h:tp-link:tl-wr741nd_\(5.0\):*:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:tp-link:tl-wdr3600_\(1.0\)_firmware:*:*:*:*:*:*:*:* 1 OR 141022
cpe:2.3:h:tp-link:tl-wdr3600_\(1.0\):*:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:tp-link:archer_c7_\(2.0\)_firmware:*:*:*:*:*:*:*:* 1 OR 141110
cpe:2.3:h:tp-link:archer_c7_\(2.0\):*:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:tp-link:tl-wr841nd_\(10.0\)_firmware:150104:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:tp-link:tl-wr841nd_\(10.0\):*:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:tp-link:archer_c9_\(1.0\)_firmware:*:*:*:*:*:*:*:* 1 OR 150122
cpe:2.3:h:tp-link:archer_c9_\(1.0\):*:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:tp-link:tl-wr841nd_\(9.0\)_firmware:*:*:*:*:*:*:*:* 1 OR 150104
cpe:2.3:h:tp-link:tl-wr841nd_\(9.0\):*:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:tp-link:archer_c8_\(1.0\)_firmware:*:*:*:*:*:*:*:* 1 OR 141023
cpe:2.3:h:tp-link:archer_c8_\(1.0\):*:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:tp-link:tl-wdr4300_\(1.0\)_firmware:*:*:*:*:*:*:*:* 1 OR 141113
cpe:2.3:h:tp-link:tl-wdr4300_\(1.0\):*:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:tp-link:tl-wdr3500_\(1.0\)_firmware:*:*:*:*:*:*:*:* 1 OR 141113
cpe:2.3:h:tp-link:tl-wdr3500_\(1.0\):*:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:C/I:N/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • NONE
  • Availability Impact
  • NONE
  • Base Score
  • 7.8
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 6.9
History
Created Old Value New Value Data Type Notes
2022-05-10 18:34:17 Added to TrackCVE
2022-12-02 04:29:35 2015-04-22T01:59Z 2015-04-22T01:59:02 CVE Published Date updated
2022-12-02 04:29:35 2018-10-09T19:56:39 CVE Modified Date updated
2022-12-02 04:29:35 Modified Vulnerability Status updated