CVE-2020-35575

CRITICAL

TP-Link WA901ND <3.16.9(201211) beta - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-35575. PoCs published by dylvie.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2020-35575, a command injection vulnerability in TP-Link TL-WR841N routers. The exploit leverages a crafted HTTP POST request to execute arbitrary commands on the target device, demonstrating the vulnerability by reading the /etc/passwd file.

Description

A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.

Exploits (1)

nomisec WORKING POC 1 stars
by dylvie · poc
https://github.com/dylvie/CVE-2020-35575-TP-LINK-TL-WR841ND-password-disclosure

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: TP-Link TL-WR841N 0.9.1 4.0
Auth required
Prerequisites: Network access to the target device · Valid credentials for authentication
devstral-2 · analyzed Feb 18, 2026

References (4)

Core References
Vendor Advisory x_refsource_misc
https://www.tp-link.com/us/security
Third Party Advisory x_refsource_misc
https://pastebin.com/F8AuUdck
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html

Scores

CVSS v3 9.8
EPSS 0.0764
EPSS Percentile 93.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (27)
tp-link/archer_c5_firmware
tp-link/archer_c7_firmware
tp-link/mr3420_firmware
tp-link/mr6400_firmware
tp-link/wa701nd_firmware
tp-link/wa801nd_firmware
tp-link/wa901nd_firmware < 3.16.9(201211)_beta
tp-link/wdr3500_firmware
tp-link/wdr3600_firmware
tp-link/we843n_firmware
... and 17 more
Published Dec 26, 2020
Tracked Since Feb 18, 2026