Lucene search

[email protected]NVD:CVE-2020-35575

HistoryDec 26, 2020 - 2:15 a.m.

CVE-2020-35575

2020-12-2602:15:12

[email protected]

web.nvd.nist.gov

tp-link

password disclosure

remote access

web interface

security issue

cve-2020-35575

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.195

Percentile

96.3%

JSON

A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.

Affected configurations

Nvd

Node

tp-linkwa901nd_firmwareRange<3.16.9\(201211\)_beta

AND

tp-linkwa901ndMatch-

Node

tp-linkarcher_c5_firmwareMatch-

AND

tp-linkarcher_c5Match-

Node

tp-linkarcher_c7_firmwareMatch-

AND

tp-linkarcher_c7Match-

Node

tp-linkmr3420_firmwareMatch-

AND

tp-linkmr3420Match-

Node

tp-linkmr6400_firmwareMatch-

AND

tp-linkmr6400Match-

Node

tp-linkwa701nd_firmwareMatch-

AND

tp-linkwa701ndMatch-

Node

tp-linkwa801nd_firmwareMatch-

AND

tp-linkwa801ndMatch-

Node

tp-linkwdr3500_firmwareMatch-

AND

tp-linkwdr3500Match-

Node

tp-linkwdr3600_firmwareMatch-

AND

tp-linkwdr3600Match-

Node

tp-linkwe843n_firmwareMatch-

AND

tp-linkwe843nMatch-

Node

tp-linkwr1043nd_firmwareMatch-

AND

tp-linkwr1043ndMatch-

Node

tp-linkwr1045nd_firmwareMatch-

AND

tp-linkwr1045ndMatch-

Node

tp-linkwr740n_firmwareMatch-

AND

tp-linkwr740nMatch-

Node

tp-linkwr741nd_firmwareMatch-

AND

tp-linkwr741ndMatch-

Node

tp-linkwr749n_firmwareMatch-

AND

tp-linkwr749nMatch-

Node

tp-linkwr802n_firmwareMatch-

AND

tp-linkwr802nMatch-

Node

tp-linkwr840n_firmwareMatch-

AND

tp-linkwr840nMatch-

Node

tp-linkwr841hp_firmwareMatch-

AND

tp-linkwr841hpMatch-

Node

tp-linkwr841n_firmwareMatch-

AND

tp-linkwr841nMatch-

Node

tp-linkwr842n_firmwareMatch-

AND

tp-linkwr842nMatch-

Node

tp-linkwr842nd_firmwareMatch-

AND

tp-linkwr842ndMatch-

Node

tp-linkwr845n_firmwareMatch-

AND

tp-linkwr845nMatch-

Node

tp-linkwr940n_firmwareMatch-

AND

tp-linkwr940nMatch-

Node

tp-linkwr941hp_firmwareMatch-

AND

tp-linkwr941hpMatch-

Node

tp-linkwr945n_firmwareMatch-

AND

tp-linkwr945nMatch-

Node

tp-linkwr949n_firmwareMatch-

AND

tp-linkwr949nMatch-

Node

tp-linkwrd4300_firmwareMatch-

AND

tp-linkwrd4300Match-

VendorProductVersionCPE
tp-linkwa901nd_firmware*cpe:2.3:o:tp-link:wa901nd_firmware:*:*:*:*:*:*:*:*
tp-linkwa901nd-cpe:2.3:h:tp-link:wa901nd:-:*:*:*:*:*:*:*
tp-linkarcher_c5_firmware-cpe:2.3:o:tp-link:archer_c5_firmware:-:*:*:*:*:*:*:*
tp-linkarcher_c5-cpe:2.3:h:tp-link:archer_c5:-:*:*:*:*:*:*:*
tp-linkarcher_c7_firmware-cpe:2.3:o:tp-link:archer_c7_firmware:-:*:*:*:*:*:*:*
tp-linkarcher_c7-cpe:2.3:h:tp-link:archer_c7:-:*:*:*:*:*:*:*
tp-linkmr3420_firmware-cpe:2.3:o:tp-link:mr3420_firmware:-:*:*:*:*:*:*:*
tp-linkmr3420-cpe:2.3:h:tp-link:mr3420:-:*:*:*:*:*:*:*
tp-linkmr6400_firmware-cpe:2.3:o:tp-link:mr6400_firmware:-:*:*:*:*:*:*:*
tp-linkmr6400-cpe:2.3:h:tp-link:mr6400:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tp-link	wa901nd_firmware	*	cpe:2.3:o:tp-link:wa901nd_firmware::::::::
tp-link	wa901nd	-	cpe:2.3:h:tp-link:wa901nd:-:::::::*
tp-link	archer_c5_firmware	-	cpe:2.3:o:tp-link:archer_c5_firmware:-:::::::*
tp-link	archer_c5	-	cpe:2.3:h:tp-link:archer_c5:-:::::::*
tp-link	archer_c7_firmware	-	cpe:2.3:o:tp-link:archer_c7_firmware:-:::::::*
tp-link	archer_c7	-	cpe:2.3:h:tp-link:archer_c7:-:::::::*
tp-link	mr3420_firmware	-	cpe:2.3:o:tp-link:mr3420_firmware:-:::::::*
tp-link	mr3420	-	cpe:2.3:h:tp-link:mr3420:-:::::::*
tp-link	mr6400_firmware	-	cpe:2.3:o:tp-link:mr6400_firmware:-:::::::*
tp-link	mr6400	-	cpe:2.3:h:tp-link:mr6400:-:::::::*

Rows per page:

1-10 of 541

References

packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html

pastebin.com/F8AuUdck

static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot%28201211%29.zip

www.tp-link.com/us/security

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.195

Percentile

96.3%

JSON

Related for NVD:CVE-2020-35575

cve1 cvelist1 prion1 packetstorm1 checkpoint_advisories1 zdt1