PT-2015-3445 · Tp Link · Tp-Link Archer C7+10

Stefan Viehböck · Published 2015-04-17 · Updated 2025-10-22 · CVE-2015-3035

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

TP-LINK Archer C5 version 1.2 with firmware before 150317
TP-LINK Archer C7 version 2.0 with firmware before 150304
TP-LINK Archer C8 version 1.0 with firmware before 150316
TP-LINK Archer C9 version 1.0
TP-LINK TL-WDR3500 version 1.0 with firmware before 150302
TP-LINK TL-WDR3600 version 1.0 with firmware before 150302
TP-LINK TL-WDR4300 version 1.0 with firmware before 150302
TP-LINK TL-WR740N version 5.0 with firmware before 150312
TP-LINK TL-WR741ND version 5.0 with firmware before 150312
TP-LINK TL-WR841N versions 9.0 through 10.0 with firmware before 150310
TP-LINK TL-WR841ND versions 9.0 through 10.0 with firmware before 150310

Description

The issue is a directory traversal vulnerability that allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to "login/". This can be exploited to bypass authentication procedures and read or write arbitrary files in the system. The vulnerability is due to incorrect restriction of the path name to a directory with limited access.

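For triage, the request pattern described above can be searched for in HTTP logs. The following is an added example, not part of the original advisory or any vendor tooling; it assumes requests to the device's web interface are logged in Common Log Format by a proxy or sensor in front of it, and the sample lines and file name in them are constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Common Log Format; not taken from a real device.
SAMPLE_LOG = """\
192.0.2.10 - - [17/Apr/2015:10:00:01 +0000] "GET /login/ HTTP/1.1" 200 512
192.0.2.11 - - [17/Apr/2015:10:00:02 +0000] "GET /login/../../placeholder-file HTTP/1.1" 200 900
192.0.2.12 - - [17/Apr/2015:10:00:03 +0000] "GET /login/%2e%2e/%2e%2e/placeholder-file HTTP/1.1" 200 900
192.0.2.14 - - [17/Apr/2015:10:00:05 +0000] "GET /images/logo..v2.png HTTP/1.1" 200 100
192.0.2.15 - - [17/Apr/2015:10:00:06 +0000] "GET /login/help..txt?x=../ HTTP/1.1" 200 100
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def decode_path(target, rounds=3):
    """Drop the query string, then percent-decode until the path stops changing."""
    path = target.split("?", 1)[0]
    for _ in range(rounds):  # bounded, so nested encodings cannot loop forever
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def is_login_traversal(target):
    """True when the path starts with /login/ and a later segment is exactly '..'."""
    segments = decode_path(target).split("/")
    # segments[0] is '' for an absolute path; segments[1] is the first directory.
    return segments[1:2] == ["login"] and ".." in segments[2:]

def find_suspicious(log_text):
    """Return (source, request target, status) for each matching log line."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and is_login_traversal(m.group(2)):
            hits.append((m.group(1), m.group(2), int(m.group(3))))
    return hits

if __name__ == "__main__":
    for src, target, status in find_suspicious(SAMPLE_LOG):
        print(f"{src} {status} {target}")
```

Matching on whole path segments after decoding avoids flagging names that merely contain two dots, such as the `help..txt` and `logo..v2.png` samples.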
Recommendations

For TP-LINK Archer C5 version 1.2, update the firmware to version 150317 or later.
For TP-LINK Archer C7 version 2.0, update the firmware to version 150304 or later.
For TP-LINK Archer C8 version 1.0, update the firmware to version 150316 or later.
For TP-LINK Archer C9 version 1.0, update the firmware to a version that addresses the issue.
For TP-LINK TL-WDR3500 version 1.0, update the firmware to version 150302 or later.
For TP-LINK TL-WDR3600 version 1.0, update the firmware to version 150302 or later.
For TP-LINK TL-WDR4300 version 1.0, update the firmware to version 150302 or later.
For TP-LINK TL-WR740N version 5.0, update the firmware to version 150312 or later.
For TP-LINK TL-WR741ND version 5.0, update the firmware to version 150312 or later.
For TP-LINK TL-WR841N versions 9.0 through 10.0, update the firmware to version 150310 or later.
For TP-LINK TL-WR841ND versions 9.0 through 10.0, update the firmware to version 150310 or later.

As a temporary workaround, consider restricting access to the "login/" endpoint until a patch is available.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2023-01039
CVE-2015-3035

Affected Products

Tp-Link Archer C5
Tp-Link Archer C7
Tp-Link Archer C8
Tp-Link Archer C9
Tp-Link Tl-Wdr3500
Tp-Link Tl-Wdr3600
Tp-Link Tl-Wdr4300
Tp-Link Tl-Wr740N
Tp-Link Tl-Wr741N
Tp-Link Tl-Wr841N
Tp-Link Tl-Wr841Nd