TP-Link Multiple Archer Devices Directory Traversal Vulnerability
TP-Link — Multiple Archer Devices
- Added to KEV catalog
- 25 March 2022
- Federal remediation due date
- 15 April 2022
- Weakness classification (CWE)
- CWE-22
CISA Description
Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-3035
More TP-Link Vulnerabilities
TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability
TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability
TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability
TP-Link Multiple Routers Command Injection Vulnerability
TP-Link Archer AX-21 Command Injection Vulnerability
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services