CVE-2015-3035 - Vulnerability Details

Description

Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.

Published: 2015-04-17

Score: 7.5 High

EPSS: 93.1% High

KEV: Yes

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:tp-link:tl-wr741nd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wr741nd:5:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:tp-link:tl-wr841n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wr841n:9:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:tp-link:tl-wr740n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wr740n:5:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:tp-link:archer_c5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_c5:1.20:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:tp-link:tl-wr841n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wr841n:10:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:tp-link:tl-wdr3600_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wdr3600:1:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:tp-link:archer_c7_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_c7:2:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:tp-link:tl-wr841nd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wr841nd:10:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:tp-link:archer_c9_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_c9:1:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:tp-link:tl-wr841nd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wr841nd:9:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:tp-link:archer_c8_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_c8:1:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:tp-link:tl-wdr4300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wdr4300:1:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:tp-link:tl-wdr3500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wdr3500:1:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

This CVE is in the KEV database since March 25, 2022.

The EPSS score is 0.93127.

Exploitation active

Automatable yes

Technical Impact partial

References

Link	Providers
http://packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.html
http://seclists.org/fulldisclosure/2015/Apr/26
http://www.securityfocus.com/archive/1/535240/100/0/threaded
http://www.securityfocus.com/bid/74050
http://www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmware
http://www.tp-link.com/en/download/Archer-C7_V2.html#Firmware
http://www.tp-link.com/en/download/Archer-C8_V1.html#Firmware
http://www.tp-link.com/en/download/Archer-C9_V1.html#Firmware
http://www.tp-link.com/en/download/TL-WDR3500_V1.html#Firmware
http://www.tp-link.com/en/download/TL-WDR3600_V1.html#Firmware
http://www.tp-link.com/en/download/TL-WDR4300_V1.html#Firmware
http://www.tp-link.com/en/download/TL-WR740N_V5.html#Firmware
http://www.tp-link.com/en/download/TL-WR741ND_V5.html#Firmware
http://www.tp-link.com/en/download/TL-WR841ND_V9.html#Firmware
http://www.tp-link.com/en/download/TL-WR841N_V9.html#Firmware
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-3035
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150410-0_TP-Link_Unauthenticated_local_file_disclosure_vulnerability_v10.txt

History

Tue, 21 Apr 2026 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tp-link archer C5 Tp-link archer C5 Firmware Tp-link archer C7 Tp-link archer C7 Firmware Tp-link archer C8 Tp-link archer C8 Firmware Tp-link archer C9 Tp-link archer C9 Firmware Tp-link tl-wdr3500 Tp-link tl-wdr3500 Firmware Tp-link tl-wdr3600 Tp-link tl-wdr3600 Firmware Tp-link tl-wdr4300 Tp-link tl-wdr4300 Firmware Tp-link tl-wr740n Tp-link tl-wr740n Firmware Tp-link tl-wr741nd Tp-link tl-wr741nd Firmware Tp-link tl-wr841n Tp-link tl-wr841n Firmware Tp-link tl-wr841nd Tp-link tl-wr841nd Firmware
CPEs	cpe:2.3:h:tp-link:archer_c5_\(1.2\):-:::::::* cpe:2.3:h:tp-link:archer_c7_\(2.0\):-:::::::* cpe:2.3:h:tp-link:archer_c8_\(1.0\):-:::::::* cpe:2.3:h:tp-link:archer_c9_\(1.0\):-:::::::* cpe:2.3:h:tp-link:tl-wdr3500_\(1.0\):-:::::::* cpe:2.3:h:tp-link:tl-wdr3600_\(1.0\):-:::::::* cpe:2.3:h:tp-link:tl-wdr4300_\(1.0\):-:::::::* cpe:2.3:h:tp-link:tl-wr740n_\(5.0\):-:::::::* cpe:2.3:h:tp-link:tl-wr741nd_\(5.0\):-:::::::* cpe:2.3:h:tp-link:tl-wr841n_\(10.0\):-:::::::* cpe:2.3:h:tp-link:tl-wr841n_\(9.0\):-:::::::* cpe:2.3:h:tp-link:tl-wr841nd_\(10.0\):-:::::::* cpe:2.3:h:tp-link:tl-wr841nd_\(9.0\):-:::::::* cpe:2.3:o:tp-link:archer_c5_\(1.2\)_firmware:::::::: cpe:2.3:o:tp-link:archer_c7_\(2.0\)_firmware:::::::: cpe:2.3:o:tp-link:archer_c8_\(1.0\)_firmware:::::::: cpe:2.3:o:tp-link:archer_c9_\(1.0\)_firmware:::::::: cpe:2.3:o:tp-link:tl-wdr3500_\(1.0\)_firmware:::::::: cpe:2.3:o:tp-link:tl-wdr3600_\(1.0\)_firmware:::::::: cpe:2.3:o:tp-link:tl-wdr4300_\(1.0\)_firmware:::::::: cpe:2.3:o:tp-link:tl-wr740n_\(5.0\)_firmware:::::::: cpe:2.3:o:tp-link:tl-wr741nd_\(5.0\)_firmware:::::::: cpe:2.3:o:tp-link:tl-wr841n_\(10.0\)_firmware:::::::: cpe:2.3:o:tp-link:tl-wr841n_\(9.0\)_firmware:::::::: cpe:2.3:o:tp-link:tl-wr841nd_\(10.0\)_firmware:150104:::::::* cpe:2.3:o:tp-link:tl-wr841nd_\(9.0\)_firmware::::::::	cpe:2.3:h:tp-link:archer_c5:1.20:::::::* cpe:2.3:h:tp-link:archer_c7:2:::::::* cpe:2.3:h:tp-link:archer_c8:1:::::::* cpe:2.3:h:tp-link:archer_c9:1:::::::* cpe:2.3:h:tp-link:tl-wdr3500:1:::::::* cpe:2.3:h:tp-link:tl-wdr3600:1:::::::* cpe:2.3:h:tp-link:tl-wdr4300:1:::::::* cpe:2.3:h:tp-link:tl-wr740n:5:::::::* cpe:2.3:h:tp-link:tl-wr741nd:5:::::::* cpe:2.3:h:tp-link:tl-wr841n:10:::::::* cpe:2.3:h:tp-link:tl-wr841n:9:::::::* cpe:2.3:h:tp-link:tl-wr841nd:10:::::::* cpe:2.3:h:tp-link:tl-wr841nd:9:::::::* cpe:2.3:o:tp-link:archer_c5_firmware:::::::: cpe:2.3:o:tp-link:archer_c7_firmware:::::::: cpe:2.3:o:tp-link:archer_c8_firmware:::::::: cpe:2.3:o:tp-link:archer_c9_firmware:::::::: cpe:2.3:o:tp-link:tl-wdr3500_firmware:::::::: cpe:2.3:o:tp-link:tl-wdr3600_firmware:::::::: cpe:2.3:o:tp-link:tl-wdr4300_firmware:::::::: cpe:2.3:o:tp-link:tl-wr740n_firmware:::::::: cpe:2.3:o:tp-link:tl-wr741nd_firmware:::::::: cpe:2.3:o:tp-link:tl-wr841n_firmware:::::::: cpe:2.3:o:tp-link:tl-wr841nd_firmware::::::::
Vendors & Products	Tp-link archer C5 \(1.2\) Tp-link archer C5 \(1.2\) Firmware Tp-link archer C7 \(2.0\) Tp-link archer C7 \(2.0\) Firmware Tp-link archer C8 \(1.0\) Tp-link archer C8 \(1.0\) Firmware Tp-link archer C9 \(1.0\) Tp-link archer C9 \(1.0\) Firmware Tp-link tl-wdr3500 \(1.0\) Tp-link tl-wdr3500 \(1.0\) Firmware Tp-link tl-wdr3600 \(1.0\) Tp-link tl-wdr3600 \(1.0\) Firmware Tp-link tl-wdr4300 \(1.0\) Tp-link tl-wdr4300 \(1.0\) Firmware Tp-link tl-wr740n \(5.0\) Tp-link tl-wr740n \(5.0\) Firmware Tp-link tl-wr741nd \(5.0\) Tp-link tl-wr741nd \(5.0\) Firmware Tp-link tl-wr841n \(10.0\) Tp-link tl-wr841n \(10.0\) Firmware Tp-link tl-wr841n \(9.0\) Tp-link tl-wr841n \(9.0\) Firmware Tp-link tl-wr841nd \(10.0\) Tp-link tl-wr841nd \(10.0\) Firmware Tp-link tl-wr841nd \(9.0\) Tp-link tl-wr841nd \(9.0\) Firmware	Tp-link archer C5 Tp-link archer C5 Firmware Tp-link archer C7 Tp-link archer C7 Firmware Tp-link archer C8 Tp-link archer C8 Firmware Tp-link archer C9 Tp-link archer C9 Firmware Tp-link tl-wdr3500 Tp-link tl-wdr3500 Firmware Tp-link tl-wdr3600 Tp-link tl-wdr3600 Firmware Tp-link tl-wdr4300 Tp-link tl-wdr4300 Firmware Tp-link tl-wr740n Tp-link tl-wr740n Firmware Tp-link tl-wr741nd Tp-link tl-wr741nd Firmware Tp-link tl-wr841n Tp-link tl-wr841n Firmware Tp-link tl-wr841nd Tp-link tl-wr841nd Firmware

Wed, 22 Oct 2025 00:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-3035

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-3035

Tue, 21 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-3035

Tue, 04 Feb 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-03-25'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Tp-link Archer C5 Archer C5 Firmware Archer C7 Archer C7 Firmware Archer C8 Archer C8 Firmware Archer C9 Archer C9 Firmware Tl-wdr3500 Tl-wdr3500 Firmware Tl-wdr3600 Tl-wdr3600 Firmware Tl-wdr4300 Tl-wdr4300 Firmware Tl-wr740n Tl-wr740n Firmware Tl-wr741nd Tl-wr741nd Firmware Tl-wr841n Tl-wr841n Firmware Tl-wr841nd Tl-wr841nd Firmware

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-04-17T18:00:00.000Z

Updated: 2025-10-21T23:56:02.932Z

Reserved: 2015-04-08T00:00:00.000Z

Link: CVE-2015-3035

Vulnrichment

Updated: 2024-08-06T05:32:21.387Z

NVD

Status : Analyzed

Published: 2015-04-22T01:59:02.553

Modified: 2026-04-21T17:05:04.577

Link: CVE-2015-3035

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-22

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

Exploitation active

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object