Vulnerability Details CVE-2020-35575
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.356
EPSS Ranking 96.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html
- https://pastebin.com/F8AuUdck
- https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot%28201211%29.zip
- https://www.tp-link.com/us/security
- http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html
- https://pastebin.com/F8AuUdck
- https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot%28201211%29.zip
- https://www.tp-link.com/us/security
Products affected by CVE-2020-35575
-
cpe:2.3:h:tp-link:archer_c5:-
-
cpe:2.3:h:tp-link:archer_c7:-
-
cpe:2.3:h:tp-link:mr3420:-
-
cpe:2.3:h:tp-link:mr6400:-
-
cpe:2.3:h:tp-link:wa701nd:-
-
cpe:2.3:h:tp-link:wa801nd:-
-
cpe:2.3:h:tp-link:wa901nd:-
-
cpe:2.3:h:tp-link:wdr3500:-
-
cpe:2.3:h:tp-link:wdr3600:-
-
cpe:2.3:h:tp-link:we843n:-
-
cpe:2.3:h:tp-link:wr1043nd:-
-
cpe:2.3:h:tp-link:wr1045nd:-
-
cpe:2.3:h:tp-link:wr740n:-
-
cpe:2.3:h:tp-link:wr741nd:-
-
cpe:2.3:h:tp-link:wr749n:-
-
cpe:2.3:h:tp-link:wr802n:-
-
cpe:2.3:h:tp-link:wr840n:-
-
cpe:2.3:h:tp-link:wr841hp:-
-
cpe:2.3:h:tp-link:wr841n:-
-
cpe:2.3:h:tp-link:wr842n:-
-
cpe:2.3:h:tp-link:wr842nd:-
-
cpe:2.3:h:tp-link:wr845n:-
-
cpe:2.3:h:tp-link:wr940n:-
-
cpe:2.3:h:tp-link:wr941hp:-
-
cpe:2.3:h:tp-link:wr945n:-
-
cpe:2.3:h:tp-link:wr949n:-
-
cpe:2.3:h:tp-link:wrd4300:-
-
cpe:2.3:o:tp-link:archer_c5_firmware:-
-
cpe:2.3:o:tp-link:archer_c7_firmware:-
-
cpe:2.3:o:tp-link:mr3420_firmware:-
-
cpe:2.3:o:tp-link:mr6400_firmware:-
-
cpe:2.3:o:tp-link:wa701nd_firmware:-
-
cpe:2.3:o:tp-link:wa801nd_firmware:-
-
cpe:2.3:o:tp-link:wa901nd_firmware:-
-
cpe:2.3:o:tp-link:wdr3500_firmware:-
-
cpe:2.3:o:tp-link:wdr3600_firmware:-
-
cpe:2.3:o:tp-link:we843n_firmware:-
-
cpe:2.3:o:tp-link:wr1043nd_firmware:-
-
cpe:2.3:o:tp-link:wr1045nd_firmware:-
-
cpe:2.3:o:tp-link:wr740n_firmware:-
-
cpe:2.3:o:tp-link:wr741nd_firmware:-
-
cpe:2.3:o:tp-link:wr749n_firmware:-
-
cpe:2.3:o:tp-link:wr802n_firmware:-
-
cpe:2.3:o:tp-link:wr840n_firmware:-
-
cpe:2.3:o:tp-link:wr841hp_firmware:-
-
cpe:2.3:o:tp-link:wr841n_firmware:-
-
cpe:2.3:o:tp-link:wr842n_firmware:-
-
cpe:2.3:o:tp-link:wr842nd_firmware:-
-
cpe:2.3:o:tp-link:wr845n_firmware:-
-
cpe:2.3:o:tp-link:wr940n_firmware:-
-
cpe:2.3:o:tp-link:wr941hp_firmware:-
-
cpe:2.3:o:tp-link:wr945n_firmware:-
-
cpe:2.3:o:tp-link:wr949n_firmware:-
-
cpe:2.3:o:tp-link:wrd4300_firmware:-