Details of VAR-201504-0534

ID

VAR-201504-0534

CVE

CVE-2015-3035

TITLE

plural TP-LINK Directory traversal vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2015-002479

DESCRIPTION

Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/. plural TP-LINK The product contains a directory traversal vulnerability.By a third party .. of PATH_INFO Any file may be read via. TP-Link is a well-known supplier of network and communication equipment. Allows an attacker to exploit this vulnerability to obtain sensitive information and initiate further attacks. TP-LINK Archer C5, etc. are all wireless router products of China Pulian (TP-LINK) company. A remote attacker can use the directory traversal character '..' to exploit this vulnerability to read arbitrary files. The following products and versions are affected: TP-LINK Archer C5 (hardware version: version 1.2) using firmware earlier than 150317, C7 (hardware version: version 2.0) using firmware earlier than 150304, C8 (hardware version) using firmware earlier than 150316 Version: Version 1.0), Archer C9 (Hardware Version: Version 1.0), TL-WDR3500 (Hardware Version: Version 1.0), TL-WDR3600 (Hardware Version: Version 1.0), TL-WDR4300 (Hardware Version : version 1.0); TL-WR740N (hardware version: version 5.0) and TL-WR741ND (hardware version: version 5.0) with firmware version earlier than 150312; TL-WR841N (hardware version: version 9.0) with firmware version earlier than 150310, TL-WR841N (hardware version: version 10.0), TL-WR841ND (hardware version: version 9.0)

Trust: 2.61

sources: NVD: CVE-2015-3035 // JVNDB: JVNDB-2015-002479 // CNVD: CNVD-2015-02404 // BID: 74050 // VULHUB: VHN-80996 // VULMON: CVE-2015-3035

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-02404

AFFECTED PRODUCTS

vendor:	tp link	model:	tl-wr841nd \	scope:	eq	version:	150104	Trust: 2.2
vendor:	tp link	model:	tl-wr841n \	scope:	eq	version:	*	Trust: 2.0
vendor:	tp link	model:	tl-wdr4300 \	scope:	lte	version:	141113	Trust: 1.0
vendor:	tp link	model:	archer c5 \	scope:	lte	version:	141126	Trust: 1.0
vendor:	tp link	model:	tl-wr741nd \	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	tl-wr841nd \	scope:	lte	version:	150104	Trust: 1.0
vendor:	tp link	model:	tl-wdr3500 \	scope:	lte	version:	141113	Trust: 1.0
vendor:	tp link	model:	tl-wdr3600 \	scope:	lte	version:	141022	Trust: 1.0
vendor:	tp link	model:	tl-wr740n \	scope:	lte	version:	141217	Trust: 1.0
vendor:	tp link	model:	tl-wr741nd \	scope:	lte	version:	141217	Trust: 1.0
vendor:	tp link	model:	archer c8 \	scope:	lte	version:	141023	Trust: 1.0
vendor:	tp link	model:	archer c9 \	scope:	lte	version:	150122	Trust: 1.0
vendor:	tp link	model:	archer c7 \	scope:	lte	version:	141110	Trust: 1.0
vendor:	tp link	model:	archer c5	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	archer c5	scope:	lt	version:	v1.2_150317	Trust: 0.8
vendor:	tp link	model:	archer c7	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	archer c7	scope:	lt	version:	v2_150304	Trust: 0.8
vendor:	tp link	model:	archer c8	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	archer c8	scope:	lt	version:	v1_150316	Trust: 0.8
vendor:	tp link	model:	archer c9	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	archer c9	scope:	lt	version:	v1_150302	Trust: 0.8
vendor:	tp link	model:	tl-wdr3500	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	tl-wdr3500	scope:	lt	version:	v1_150302	Trust: 0.8
vendor:	tp link	model:	tl-wdr3600	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	tl-wdr3600	scope:	lt	version:	v1_150302	Trust: 0.8
vendor:	tp link	model:	tl-wdr4300	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	tl-wdr4300	scope:	lt	version:	v1_150302	Trust: 0.8
vendor:	tp link	model:	tl-wr740n	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	tl-wr740n	scope:	lt	version:	v5_150312	Trust: 0.8
vendor:	tp link	model:	tl-wr741nd	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	tl-wr741nd	scope:	lt	version:	v5_150312	Trust: 0.8
vendor:	tp link	model:	tl-wr841n	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	tl-wr841n	scope:	lt	version:	v10_150310	Trust: 0.8
vendor:	tp link	model:	tl-wr841n	scope:	lt	version:	v9_150310	Trust: 0.8
vendor:	tp link	model:	tl-wr841nd	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	tl-wr841nd	scope:	lt	version:	v10_150310	Trust: 0.8
vendor:	tp link	model:	tl-wr841nd	scope:	lt	version:	v9_150310	Trust: 0.8
vendor:	tp link	model:	routers	scope:	-	version:	-	Trust: 0.6
vendor:	tp link	model:	archer c9 \	scope:	eq	version:	150122	Trust: 0.6
vendor:	tp link	model:	archer c7 \	scope:	eq	version:	141110	Trust: 0.6
vendor:	tp link	model:	tl-wr741nd \	scope:	eq	version:	141217	Trust: 0.6
vendor:	tp link	model:	tl-wr841n \	scope:	-	version:	-	Trust: 0.6
vendor:	tp link	model:	tl-wdr3600 \	scope:	eq	version:	141022	Trust: 0.6
vendor:	tp link	model:	archer c8 \	scope:	eq	version:	141023	Trust: 0.6
vendor:	tp link	model:	tl-wdr3500 \	scope:	eq	version:	141113	Trust: 0.6
vendor:	tp link	model:	tl-wdr4300 \	scope:	eq	version:	141113	Trust: 0.6
vendor:	tp link	model:	tl-wr841nd	scope:	eq	version:	9.0	Trust: 0.3
vendor:	tp link	model:	tl-wr841nd	scope:	eq	version:	10.0	Trust: 0.3
vendor:	tp link	model:	tl-wr841n	scope:	eq	version:	9.0	Trust: 0.3
vendor:	tp link	model:	tl-wr841n	scope:	eq	version:	10.0	Trust: 0.3
vendor:	tp link	model:	tl-wr741nd	scope:	eq	version:	5.0	Trust: 0.3
vendor:	tp link	model:	tl-wr740n	scope:	eq	version:	5.0	Trust: 0.3
vendor:	tp link	model:	tl-wdr4300	scope:	eq	version:	1.0	Trust: 0.3
vendor:	tp link	model:	tl-wdr3600	scope:	eq	version:	1.0	Trust: 0.3
vendor:	tp link	model:	tl-wdr3500	scope:	eq	version:	1.0	Trust: 0.3
vendor:	tp link	model:	archer c9	scope:	eq	version:	1.0	Trust: 0.3
vendor:	tp link	model:	archer c8	scope:	eq	version:	1.0	Trust: 0.3
vendor:	tp link	model:	archer c7	scope:	eq	version:	2.0	Trust: 0.3
vendor:	tp link	model:	archer c5	scope:	eq	version:	1.2	Trust: 0.3

sources: CNVD: CNVD-2015-02404 // BID: 74050 // JVNDB: JVNDB-2015-002479 // CNNVD: CNNVD-201504-440 // NVD: CVE-2015-3035

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3035
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2015-3035
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-3035
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-02404
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201504-440
value:	HIGH
Trust: 0.6
VULHUB:	VHN-80996
value:	HIGH
Trust: 0.1
VULMON:	CVE-2015-3035
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-3035
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2015-02404
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-80996
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-3035
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0

sources: CNVD: CNVD-2015-02404 // VULHUB: VHN-80996 // VULMON: CVE-2015-3035 // JVNDB: JVNDB-2015-002479 // CNNVD: CNNVD-201504-440 // NVD: CVE-2015-3035 // NVD: CVE-2015-3035

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-80996 // JVNDB: JVNDB-2015-002479 // NVD: CVE-2015-3035

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-440

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201504-440

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002479

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-80996

PATCH

title:	Download for Archer C5 V1.20	url:	http://www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmware	Trust: 0.8
title:	Download for TL-WR841N V9	url:	http://www.tp-link.com/en/download/TL-WR841N_V9.html#Firmware	Trust: 0.8
title:	Download for TL-WDR4300 V1	url:	http://www.tp-link.com/en/download/TL-WDR4300_V1.html#Firmware	Trust: 0.8
title:	Download for TL-WR740N V5	url:	http://www.tp-link.com/en/download/TL-WR740N_V5.html#Firmware	Trust: 0.8
title:	Download for Archer C7 V2	url:	http://www.tp-link.com/en/download/Archer-C7_V2.html#Firmware	Trust: 0.8
title:	Download for Archer C9 V1	url:	http://www.tp-link.com/en/download/Archer-C9_V1.html#Firmware	Trust: 0.8
title:	Download for TL-WDR3500 V1	url:	http://www.tp-link.com/en/download/TL-WDR3500_V1.html#Firmware	Trust: 0.8
title:	Download for TL-WR841ND V9	url:	http://www.tp-link.com/en/download/TL-WR841ND_V9.html#Firmware	Trust: 0.8
title:	Download for TL-WR841N V10	url:	http://www.tp-link.com/en/download/TL-WR841N_V10.html#Firmware	Trust: 0.8
title:	Download for Archer C8 V1	url:	http://www.tp-link.com/en/download/Archer-C8_V1.html#Firmware	Trust: 0.8
title:	Download for TL-WR841ND V10	url:	http://www.tp-link.com/en/download/TL-WR841ND_V10.html#Firmware	Trust: 0.8
title:	Download for TL-WR741ND V5	url:	http://www.tp-link.com/en/download/TL-WR741ND_V5.html#Firmware	Trust: 0.8
title:	Download for TL-WDR3600 V1	url:	http://www.tp-link.com/en/download/TL-WDR3600_V1.html#Firmware	Trust: 0.8
title:	Patch for multiple TP-LINK product catalog traversal vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/57321	Trust: 0.6
title:	Known Exploited Vulnerabilities Detector	url:	https://github.com/Ostorlab/KEV	Trust: 0.1
title:	Kenzer Templates [5170] [DEPRECATED]	url:	https://github.com/ARPSyndicate/kenzer-templates	Trust: 0.1

sources: CNVD: CNVD-2015-02404 // VULMON: CVE-2015-3035 // JVNDB: JVNDB-2015-002479

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3035	Trust: 3.5
db:	BID	id:	74050	Trust: 2.1
db:	PACKETSTORM	id:	131378	Trust: 1.8
db:	JVNDB	id:	JVNDB-2015-002479	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-440	Trust: 0.7
db:	CNVD	id:	CNVD-2015-02404	Trust: 0.6
db:	VULHUB	id:	VHN-80996	Trust: 0.1
db:	VULMON	id:	CVE-2015-3035	Trust: 0.1

sources: CNVD: CNVD-2015-02404 // VULHUB: VHN-80996 // VULMON: CVE-2015-3035 // BID: 74050 // JVNDB: JVNDB-2015-002479 // CNNVD: CNNVD-201504-440 // NVD: CVE-2015-3035

REFERENCES

url:	https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150410-0_tp-link_unauthenticated_local_file_disclosure_vulnerability_v10.txt	Trust: 2.1
url:	http://www.securityfocus.com/bid/74050	Trust: 1.9
url:	http://packetstormsecurity.com/files/131378/tp-link-local-file-disclosure.html	Trust: 1.9
url:	http://www.tp-link.com/en/download/archer-c5_v1.20.html#firmware	Trust: 1.8
url:	http://www.tp-link.com/en/download/archer-c7_v2.html#firmware	Trust: 1.8
url:	http://www.tp-link.com/en/download/archer-c8_v1.html#firmware	Trust: 1.8
url:	http://www.tp-link.com/en/download/archer-c9_v1.html#firmware	Trust: 1.8
url:	http://www.tp-link.com/en/download/tl-wdr3500_v1.html#firmware	Trust: 1.8
url:	http://www.tp-link.com/en/download/tl-wdr3600_v1.html#firmware	Trust: 1.8
url:	http://www.tp-link.com/en/download/tl-wdr4300_v1.html#firmware	Trust: 1.8
url:	http://www.tp-link.com/en/download/tl-wr740n_v5.html#firmware	Trust: 1.8
url:	http://www.tp-link.com/en/download/tl-wr741nd_v5.html#firmware	Trust: 1.8
url:	http://www.tp-link.com/en/download/tl-wr841nd_v9.html#firmware	Trust: 1.8
url:	http://www.tp-link.com/en/download/tl-wr841n_v9.html#firmware	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2015/apr/26	Trust: 1.8
url:	http://www.securityfocus.com/archive/1/535240/100/0/threaded	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3035	Trust: 0.8
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3035	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/535240/100/0/threaded	Trust: 0.6
url:	http://www.tp-link.com/en/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/ostorlab/kev	Trust: 0.1

sources: CNVD: CNVD-2015-02404 // VULHUB: VHN-80996 // VULMON: CVE-2015-3035 // BID: 74050 // JVNDB: JVNDB-2015-002479 // CNNVD: CNNVD-201504-440 // NVD: CVE-2015-3035

CREDITS

SEC Consult Vulnerability Lab

Trust: 0.3

sources: BID: 74050

SOURCES

db:	CNVD	id:	CNVD-2015-02404
db:	VULHUB	id:	VHN-80996
db:	VULMON	id:	CVE-2015-3035
db:	BID	id:	74050
db:	JVNDB	id:	JVNDB-2015-002479
db:	CNNVD	id:	CNNVD-201504-440
db:	NVD	id:	CVE-2015-3035

LAST UPDATE DATE

2025-04-13T23:42:04.458000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-02404	date:	2015-04-15T00:00:00
db:	VULHUB	id:	VHN-80996	date:	2018-10-09T00:00:00
db:	VULMON	id:	CVE-2015-3035	date:	2018-10-09T00:00:00
db:	BID	id:	74050	date:	2015-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2015-002479	date:	2015-04-27T00:00:00
db:	CNNVD	id:	CNNVD-201504-440	date:	2015-04-30T00:00:00
db:	NVD	id:	CVE-2015-3035	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-02404	date:	2015-04-15T00:00:00
db:	VULHUB	id:	VHN-80996	date:	2015-04-22T00:00:00
db:	VULMON	id:	CVE-2015-3035	date:	2015-04-22T00:00:00
db:	BID	id:	74050	date:	2015-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2015-002479	date:	2015-04-27T00:00:00
db:	CNNVD	id:	CNNVD-201504-440	date:	2015-04-22T00:00:00
db:	NVD	id:	CVE-2015-3035	date:	2015-04-22T01:59:02.553