- Description
- Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- tl-wr741nd_firmware, tl-wr841n_firmware, tl-wr740n_firmware, archer_c5_firmware, tl-wdr3600_firmware, archer_c7_firmware, tl-wr841nd_firmware, archer_c9_firmware, archer_c8_firmware, tl-wdr4300_firmware, tl-wdr3500_firmware
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 6.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:N/A:N
Data from CISA
- Vulnerability name
- TP-Link Multiple Archer Devices Directory Traversal Vulnerability
- Exploit added on
- Mar 25, 2022
- Exploit action due
- Apr 15, 2022
- Required action
- Apply updates per vendor instructions.
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wr741nd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1850531E-2635-4182-8A80-EE2E8508A1C8",
"versionEndExcluding": "150312",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wr741nd:5:*:*:*:*:*:*:*",
"matchCriteriaId": "4F28B389-93A9-4F55-B060-C2F02656DFC6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wr841n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85D83801-FEBD-4657-BA64-6A50A8C6C92F",
"versionEndExcluding": "150310",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wr841n:9:*:*:*:*:*:*:*",
"matchCriteriaId": "115AF4ED-A740-45CE-87EA-93D696A9D373",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wr740n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35304B45-F209-4B30-BBC7-182D3183F9D2",
"versionEndExcluding": "150312",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wr740n:5:*:*:*:*:*:*:*",
"matchCriteriaId": "3E92FBCA-8D75-4080-8586-CF14EB7DB1FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:archer_c5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB19AE9-E2B4-41AD-A998-8F8169799ACF",
"versionEndExcluding": "150317",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:archer_c5:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "72ED6515-1455-4688-AD62-4388267DEAF0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wr841n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85D83801-FEBD-4657-BA64-6A50A8C6C92F",
"versionEndExcluding": "150310",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wr841n:10:*:*:*:*:*:*:*",
"matchCriteriaId": "605FA887-700C-4A7E-A253-E672D5554737",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wdr3600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38507261-2931-448D-B06D-2EDA1B84A9AF",
"versionEndExcluding": "150302",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wdr3600:1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA54B6F-BCA1-4322-B628-43BFF4AB26C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:archer_c7_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "058F1D4F-F32E-46B1-9AF0-BD8415723F7E",
"versionEndExcluding": "150304",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:archer_c7:2:*:*:*:*:*:*:*",
"matchCriteriaId": "41B6A810-B462-4C02-A322-A91CC4161E96",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wr841nd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C07C05E-7770-4ECD-976E-FAC3D1AA6B42",
"versionEndExcluding": "150310",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wr841nd:10:*:*:*:*:*:*:*",
"matchCriteriaId": "02427A8C-D815-4BE1-B96D-D1C326281CEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:archer_c9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC967456-148E-4810-836B-42184997F8DD",
"versionEndExcluding": "150302",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:archer_c9:1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D04216F-1D64-4EA2-9964-E1479140ED95",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wr841nd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C07C05E-7770-4ECD-976E-FAC3D1AA6B42",
"versionEndExcluding": "150310",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wr841nd:9:*:*:*:*:*:*:*",
"matchCriteriaId": "0E48E745-0CAB-412C-8B52-1F834D72F0CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:archer_c8_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0BC274-5FCD-4D50-A3DB-0323AEB54F8D",
"versionEndExcluding": "150316",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:archer_c8:1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CC206AC-5379-4A87-8DA7-9D1A006613E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wdr4300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA0BA45-3662-4764-B2C4-8D518F5E4FBD",
"versionEndExcluding": "150302",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wdr4300:1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF17499-D24F-47B5-8299-54EFDD22E37A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wdr3500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08196B78-4434-47CB-B204-FD01AC649488",
"versionEndExcluding": "150302",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wdr3500:1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1641AD6-741D-466F-AC21-9C0E75DFDE65",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]