Vulnerabilities > CVE-2020-35575 - Unspecified vulnerability in Tp-Link products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.
Vulnerable Configurations
References
- http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html
- http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html
- https://pastebin.com/F8AuUdck
- https://pastebin.com/F8AuUdck
- https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot%28201211%29.zip
- https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot%28201211%29.zip
- https://www.tp-link.com/us/security
- https://www.tp-link.com/us/security