CVE-2020-35575

Name of the Vulnerable Software and Affected Versions TP-Link WA901ND version 3.16.9(201211) beta and earlier TP-Link Archer C5 (affected versions not specified) TP-Link Archer C7 (affected versions not specified) TP-Link MR3420 (affected versions not specified) TP-Link MR6400 (affected versions not specified) TP-Link WA701ND (affected versions not specified) TP-Link WA801ND (affected versions not specified) TP-Link WDR3500 (affected versions not specified) TP-Link WDR3600 (affected versions not specified) TP-Link WE843N (affected versions not specified) TP-Link WR1043ND (affected versions not specified) TP-Link WR1045ND (affected versions not specified) TP-Link WR740N (affected versions not specified) TP-Link WR741ND (affected versions not specified) TP-Link WR749N (affected versions not specified) TP-Link WR802N (affected versions not specified) TP-Link WR840N (affected versions not specified) TP-Link WR841HP (affected versions not specified) TP-Link WR841N (affected versions not specified) TP-Link WR842N (affected versions not specified) TP-Link WR842ND (affected versions not specified) TP-Link WR845N (affected versions not specified) TP-Link WR940N (affected versions not specified) TP-Link WR941HP (affected versions not specified) TP-Link WR945N (affected versions not specified) TP-Link WR949N (affected versions not specified) TP-Link WRD4300 (affected versions not specified)

Description A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel.

Recommendations For TP-Link WA901ND version 3.16.9(201211) beta and earlier, update to version 3.16.9(201211) beta or later. For other affected devices, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.