QwikSec

Security Database

CVE

CWE

Training

CVE-2020-35575

Published: Dec 26, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.tp-link.com/us/security

x_refsource_MISC

https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot%28201211%29.zip

x_refsource_MISC

https://pastebin.com/F8AuUdck

x_refsource_MISC

http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.