CVE-2020-35575 Information
Jun 07, 2022
cve
Description
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta and Archer C5 Archer C7 MR3420 MR6400 WA701ND WA801ND WDR3500 WDR3600 WE843N WR1043ND WR1045ND WR740N WR741ND WR749N WR802N WR840N WR841HP WR841N WR842N WR842ND WR845N WR940N WR941HP WR945N WR949N and WRD4300 devices.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://pastebin.com/F8AuUdck https://www.tp-link.com/us/security https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot(201211).zip http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: