Details of VAR-202012-1159

ID

VAR-202012-1159

CVE

CVE-2020-35575

TITLE

Multiple Tp-Link Router product information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202012-1558

DESCRIPTION

A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices

Trust: 0.99

sources: NVD: CVE-2020-35575 // VULMON: CVE-2020-35575

AFFECTED PRODUCTS

vendor:	tp link	model:	wr741nd	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wa801nd	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr840n	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr949n	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr740n	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	mr3420	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr940n	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	mr6400	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr749n	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr1045nd	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr945n	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wrd4300	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr842nd	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wa701nd	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr941hp	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wa901nd	scope:	lt	version:	3.16.9\(201211\)_beta	Trust: 1.0
vendor:	tp link	model:	wr802n	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wdr3500	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr842n	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr841n	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr845n	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wdr3600	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr1043nd	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	archer c7	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	archer c5	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	we843n	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr841hp	scope:	eq	version:	-	Trust: 1.0

sources: NVD: CVE-2020-35575

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2020-35575
value:	CRITICAL
Trust: 1.0
CNNVD:	CNNVD-202012-1558
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2020-35575
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
VULMON:	CVE-2020-35575
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULMON: CVE-2020-35575 // NVD: CVE-2020-35575 // CNNVD: CNNVD-202012-1558

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2020-35575

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-1558

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202012-1558

CONFIGURATIONS

sources: NVD: CVE-2020-35575

PATCH

title:

Multiple Tp-Link Repair measures for router product information leakage vulnerability

url:

http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138203

Trust: 0.6

sources: CNNVD: CNNVD-202012-1558

EXTERNAL IDS

db:	PACKETSTORM	id:	163274	Trust: 1.7
db:	NVD	id:	CVE-2020-35575	Trust: 1.7
db:	EXPLOIT-DB	id:	50058	Trust: 0.6
db:	CNNVD	id:	CNNVD-202012-1558	Trust: 0.6
db:	VULMON	id:	CVE-2020-35575	Trust: 0.1

sources: VULMON: CVE-2020-35575 // NVD: CVE-2020-35575 // CNNVD: CNNVD-202012-1558

REFERENCES

url:	http://packetstormsecurity.com/files/163274/tp-link-tl-wr841n-command-injection.html	Trust: 2.4
url:	https://pastebin.com/f8auudck	Trust: 1.7
url:	https://www.tp-link.com/us/security	Trust: 1.7
url:	https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot%28201211%29.zip	Trust: 1.0
url:	https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot(201211).zip	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35575	Trust: 0.6
url:	https://www.exploit-db.com/exploits/50058	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2020-35575 // NVD: CVE-2020-35575 // CNNVD: CNNVD-202012-1558

SOURCES

db:	VULMON	id:	CVE-2020-35575
db:	NVD	id:	CVE-2020-35575
db:	CNNVD	id:	CNNVD-202012-1558

LAST UPDATE DATE

2023-12-18T13:32:47.746000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-35575	date:	2021-09-07T00:00:00
db:	NVD	id:	CVE-2020-35575	date:	2023-11-07T03:21:59.083
db:	CNNVD	id:	CNNVD-202012-1558	date:	2021-06-28T00:00:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-35575	date:	2020-12-26T00:00:00
db:	NVD	id:	CVE-2020-35575	date:	2020-12-26T02:15:12.870
db:	CNNVD	id:	CNNVD-202012-1558	date:	2020-12-25T00:00:00