Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NTp Link Archer C5
HWTp-Link1.20Tp Link Archer C5 Firmware
OSTp-Link< 150317Tp Link Archer C7
HWTp-Link2Tp Link Archer C7 Firmware
OSTp-Link< 150304Tp Link Archer C8
HWTp-Link1Tp Link Archer C8 Firmware
OSTp-Link< 150316Tp Link Archer C9
HWTp-Link1Tp Link Archer C9 Firmware
OSTp-Link< 150302Tp Link Tl Wdr3500
HWTp-Link1Tp Link Tl Wdr3500 Firmware
OSTp-Link< 150302Tp Link Tl Wdr3600
HWTp-Link1Tp Link Tl Wdr3600 Firmware
OSTp-Link< 150302Tp Link Tl Wdr4300
HWTp-Link1Tp Link Tl Wdr4300 Firmware
OSTp-Link< 150302Tp Link Tl Wr740n
HWTp-Link5Tp Link Tl Wr740n Firmware
OSTp-Link< 150312Tp Link Tl Wr741nd
HWTp-Link5Tp Link Tl Wr741nd Firmware
OSTp-Link< 150312Tp Link Tl Wr841n
HWTp-Link109Tp Link Tl Wr841nd
HWTp-Link109Tp Link Tl Wr841nd Firmware
OSTp-Link< 150310Tp Link Tl Wr841n Firmware
OSTp-Link< 150310
CISA KEV — detailsi
- Vendori
- TP-Link
- Producti
- Multiple Archer Devices
- Added to KEVi
- March 25, 2022
- Remediation deadline (US Federal)i
- April 15, 2022(overdue)
Apply updates per vendor instructions.
Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
Related vulnerabilities
In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Auth...
TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr...
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get fu...
Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND..
On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web i...