CVE-2015-3035

HIGH KEV NUCLEI

TP-LINK Various - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.

Exploits (1)

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/tplink_archer_c7_traversal.rb

View Code ZIP pw:eip

Nuclei Templates (1)

TP-LINK - Local File Inclusion

HIGHVERIFIEDby 0x_Akoko

Shodan: http.title:"TP-LINK" || http.title:"tp-link"

FOFA: title="tp-link"

References (17)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.html

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2015/Apr/26

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/535240/100/0/threaded

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/74050

[Product] http://www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmware

[Product] http://www.tp-link.com/en/download/Archer-C7_V2.html#Firmware

[Product] http://www.tp-link.com/en/download/Archer-C8_V1.html#Firmware

[Product] http://www.tp-link.com/en/download/Archer-C9_V1.html#Firmware

[Product] http://www.tp-link.com/en/download/TL-WDR3500_V1.html#Firmware

[Product] http://www.tp-link.com/en/download/TL-WDR3600_V1.html#Firmware

[Product] http://www.tp-link.com/en/download/TL-WDR4300_V1.html#Firmware

[Product] http://www.tp-link.com/en/download/TL-WR740N_V5.html#Firmware

[Product] http://www.tp-link.com/en/download/TL-WR741ND_V5.html#Firmware

[Product] http://www.tp-link.com/en/download/TL-WR841ND_V9.html#Firmware

[Product] http://www.tp-link.com/en/download/TL-WR841N_V9.html#Firmware

[Exploit, Not Applicable] https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150410-0_TP-Link_Unauthenticated_local_file_disclosure_vulnerability_v10.txt

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-3035

Scores

CVSS v3 7.5

EPSS 0.9313

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CISA KEV 2022-03-25

VulnCheck KEV 2022-03-25

InTheWild.io 2022-03-25

ENISA EUVD EUVD-2015-3116

CWE

CWE-22

Status published

Products (25)

tp-link/archer_c5_\(1.2\)_firmware < 141126

tp-link/archer_c5_firmware < 150317

tp-link/archer_c7_\(2.0\)_firmware < 141110

tp-link/archer_c7_firmware < 150304

tp-link/archer_c8_\(1.0\)_firmware < 141023

tp-link/archer_c8_firmware < 150316

tp-link/archer_c9_\(1.0\)_firmware < 150122

tp-link/archer_c9_firmware < 150302

tp-link/tl-wdr3500_\(1.0\)_firmware < 141113

tp-link/tl-wdr3500_firmware < 150302

... and 15 more

Published Apr 22, 2015

KEV Added Mar 25, 2022

Tracked Since Feb 18, 2026