CVE-2020-35575

CRITICAL

TP-Link WA901ND <3.16.9(201211) beta - Info Disclosure

Title source: llm

Description

A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.

Exploits (1)

nomisec WORKING POC 1 stars

by dylvie · poc

https://github.com/dylvie/CVE-2020-35575-TP-LINK-TL-WR841ND-password-disclosure

View Code ZIP pw:eip

References (4)

[Vendor Advisory] https://www.tp-link.com/us/security

[Various Sources] https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot%28201211%29.zip

[Third Party Advisory] https://pastebin.com/F8AuUdck

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html

Scores

CVSS v3 9.8

EPSS 0.1879

EPSS Percentile 95.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (27)

tp-link/archer_c5_firmware

tp-link/archer_c7_firmware

tp-link/mr3420_firmware

tp-link/mr6400_firmware

tp-link/wa701nd_firmware

tp-link/wa801nd_firmware

tp-link/wa901nd_firmware < 3.16.9\(201211\)_beta

tp-link/wdr3500_firmware

tp-link/wdr3600_firmware

tp-link/we843n_firmware

... and 17 more

Published Dec 26, 2020

Tracked Since Feb 18, 2026