CVE-2020-35575

high-risk

Published 2020-12-26

A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.

Do I need to act?

18.8% chance of exploitation in next 30 days

EPSS score — higher than 81% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Wa901Nd Firmware

Archer C5 Firmware

Archer C7 Firmware

Mr3420 Firmware

Mr6400 Firmware

Wa701Nd Firmware

Wa801Nd Firmware

Wdr3500 Firmware

Wdr3600 Firmware

We843N Firmware

Wr1043Nd Firmware

Wr1045Nd Firmware

Wr740N Firmware

Wr741Nd Firmware

Wr749N Firmware

Wr802N Firmware

Wr840N Firmware

Wr841Hp Firmware

Wr841N Firmware

Wr842N Firmware

Affected Vendors

Tp-Link

References (8)

Exploit http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection....

Third Party Advisory https://pastebin.com/F8AuUdck

https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot%2820...

Vendor Advisory https://www.tp-link.com/us/security

Exploit http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection....

Third Party Advisory https://pastebin.com/F8AuUdck

https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot%2820...

Vendor Advisory https://www.tp-link.com/us/security

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 13/34 · Low

Exposure 22/34 · High