9.8

CVE-2020-35575

Exploit

EPSS 35.57%
Published 26.12.2020 02:15:12
Last modified 21.11.2024 05:27:36
Source cve@mitre.org
Teams watchlist Login
Open Login

A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.

Affected products Warnungen 0 Metrics 3 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

Tp-link ≫ Wa901nd Firmware Version < 3.16.9\(201211\)_beta

Tp-link ≫ Wa901nd Version-

Tp-link ≫ Archer C5 Firmware Version-

Tp-link ≫ Archer C5 Version-

Tp-link ≫ Archer C7 Firmware Version-

Tp-link ≫ Archer C7 Version-

Tp-link ≫ Mr3420 Firmware Version-

Tp-link ≫ Mr3420 Version-

Tp-link ≫ Mr6400 Firmware Version-

Tp-link ≫ Mr6400 Version-

Tp-link ≫ Wa701nd Firmware Version-

Tp-link ≫ Wa701nd Version-

Tp-link ≫ Wa801nd Firmware Version-

Tp-link ≫ Wa801nd Version-

Tp-link ≫ Wdr3500 Firmware Version-

Tp-link ≫ Wdr3500 Version-

Tp-link ≫ Wdr3600 Firmware Version-

Tp-link ≫ Wdr3600 Version-

Tp-link ≫ We843n Firmware Version-

Tp-link ≫ We843n Version-

Tp-link ≫ Wr1043nd Firmware Version-

Tp-link ≫ Wr1043nd Version-

Tp-link ≫ Wr1045nd Firmware Version-

Tp-link ≫ Wr1045nd Version-

Tp-link ≫ Wr740n Firmware Version-

Tp-link ≫ Wr740n Version-

Tp-link ≫ Wr741nd Firmware Version-

Tp-link ≫ Wr741nd Version-

Tp-link ≫ Wr749n Firmware Version-

Tp-link ≫ Wr749n Version-

Tp-link ≫ Wr802n Firmware Version-

Tp-link ≫ Wr802n Version-

Tp-link ≫ Wr840n Firmware Version-

Tp-link ≫ Wr840n Version-

Tp-link ≫ Wr841hp Firmware Version-

Tp-link ≫ Wr841hp Version-

Tp-link ≫ Wr841n Firmware Version-

Tp-link ≫ Wr841n Version-

Tp-link ≫ Wr842n Firmware Version-

Tp-link ≫ Wr842n Version-

Tp-link ≫ Wr842nd Firmware Version-

Tp-link ≫ Wr842nd Version-

Tp-link ≫ Wr845n Firmware Version-

Tp-link ≫ Wr845n Version-

Tp-link ≫ Wr940n Firmware Version-

Tp-link ≫ Wr940n Version-

Tp-link ≫ Wr941hp Firmware Version-

Tp-link ≫ Wr941hp Version-

Tp-link ≫ Wr945n Firmware Version-

Tp-link ≫ Wr945n Version-

Tp-link ≫ Wr949n Firmware Version-

Tp-link ≫ Wr949n Version-

Tp-link ≫ Wrd4300 Firmware Version-

Tp-link ≫ Wrd4300 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	35.57%	0.967

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

https://www.tp-link.com/us/security

Vendor Advisory

http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html

Third Party Advisory

Exploit

VDB Entry

https://pastebin.com/F8AuUdck

Third Party Advisory

https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot%28201211%29.zip

https://nvd.nist.gov/vuln/detail/CVE-2020-35575

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-35575

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-35575

EUVD