CVE-2015-3035
In short
TP-LINK routers with vulnerable firmware allow attackers to read any file on the device by including directory traversal sequences (../) in web requests. This exposes sensitive information like configuration files and user data stored on the router.
Technical detail
A directory traversal vulnerability in multiple TP-LINK router models (Archer C5/C7/C8/C9, TL-WDR and TL-WR series) allows unauthenticated remote attackers to access arbitrary files via path traversal sequences (../) in the PATH_INFO of requests to the login/ endpoint. Exploitation requires no authentication and directly impacts the confidentiality of data stored on the device.
Summary generated and translated by AI from the official description.
Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
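A detection sketch for the pattern described above, added here as an example and not taken from the advisory or from TP-LINK: it flags requests whose path starts at login/ and contains a ".." segment, after percent-decoding. It assumes common-log-format lines from a proxy or sensor in front of the router's web interface; the log entries, addresses and file paths are constructed.

```python
import re
from urllib.parse import unquote

# Request line inside a common-log-format entry: "METHOD PATH PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')

def normalise(path, max_rounds=3):
    """Drop the query string, then percent-decode repeatedly so single- and
    double-encoded dots and slashes are compared in plain form."""
    path = path.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def is_login_traversal(path):
    """True when the request targets login/ and a later segment is '..'."""
    segments = [s for s in normalise(path).split("/") if s]
    if not segments or segments[0].lower() != "login":
        return False
    return ".." in segments[1:]

def scan(lines):
    """Return (client, raw_path) for every log line matching the pattern."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_login_traversal(m.group("path")):
            hits.append((line.split(" ", 1)[0], m.group("path")))
    return hits

# Constructed sample entries (documentation addresses, placeholder file paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Apr/2015:10:00:01 +0000] "GET /login/../../../example/file HTTP/1.1" 200 512',
    '192.0.2.11 - - [10/Apr/2015:10:00:02 +0000] "GET /login/%2e%2e/%2e%2e/example/file HTTP/1.1" 200 512',
    '192.0.2.12 - - [10/Apr/2015:10:00:03 +0000] "GET /login/%252e%252e/example/file HTTP/1.1" 404 0',
    '192.0.2.13 - - [10/Apr/2015:10:00:04 +0000] "GET /login/index.html HTTP/1.1" 200 2048',
    '192.0.2.14 - - [10/Apr/2015:10:00:05 +0000] "GET /help/..info.html?next=/login/../x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for client, path in scan(SAMPLE_LOG):
        print(f"possible CVE-2015-3035 probe from {client}: {path}")
```

A hit with a 200 status on a device running firmware older than the fixed builds listed above warrants treating the router's stored configuration as disclosed.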
Affected products
n/a · n/a
Public PoCs found — 1
cve_reference · packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.html · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.html
http://seclists.org/fulldisclosure/2015/Apr/26
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-3035
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150410-0_TP-Link_Unauthenticated_local_file_disclosure_vulnerability_v10.txt
http://www.securityfocus.com/archive/1/535240/100/0/threaded
http://www.securityfocus.com/bid/74050
http://www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmware
http://www.tp-link.com/en/download/Archer-C7_V2.html#Firmware
http://www.tp-link.com/en/download/Archer-C8_V1.html#Firmware
http://www.tp-link.com/en/download/Archer-C9_V1.html#Firmware
http://www.tp-link.com/en/download/TL-WDR3500_V1.html#Firmware
http://www.tp-link.com/en/download/TL-WDR3600_V1.html#Firmware