Guest User

Untitled

a guest
Dec 20th, 2020
2,180
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. > [Suggested description]
  2. > A password-disclosure issue
  3. > in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel.
  4. > This affects
  5. > WA901ND devices before 3.16.9(201211) beta, and
  6. > Archer C5,
  7. > Archer C7,
  8. > MR3420,
  9. > MR6400,
  10. > WA701ND,
  11. > WA801ND,
  12. > WDR3500,
  13. > WDR3600,
  14. > WE843N,
  15. > WR1043ND,
  16. > WR1045ND,
  17. > WR740N,
  18. > WR741ND,
  19. > WR749N,
  20. > WR802N,
  21. > WR840N,
  22. > WR841HP,
  23. > WR841N,
  24. > WR842N,
  25. > WR842ND,
  26. > WR845N,
  27. > WR940N,
  28. > WR941HP,
  29. > WR945N,
  30. > WR949N, and
  31. > WRD4300 devices.
  32. >
  33. > ------------------------------------------
  34. >
  35. > [Additional Information]
  36. > TP-Link confirmed and fixed vulnerability, but they didnt confirm full routers list and didnt provide a fixed list of vulnerable devices.
  37. >
  38. > ------------------------------------------
  39. >
  40. > [Vulnerability Type]
  41. > Incorrect Access Control
  42. >
  43. > ------------------------------------------
  44. >
  45. > [Vendor of Product]
  46. > TP-Link
  47. >
  48. > ------------------------------------------
  49. >
  50. > [Affected Product Code Base]
  51. > Archer C5 - -
  52. > Archer C7 - -
  53. > MR3420 - -
  54. > MR6400 - -
  55. > WA701ND - -
  56. > WA801ND - -
  57. > WA901ND - fixed version: 3.16.9(201211) beta
  58. > WDR3500 - -
  59. > WDR3600 - -
  60. > WE843N - -
  61. > WR1043ND - -
  62. > WR1045ND - -
  63. > WR740N - -
  64. > WR741ND - -
  65. > WR749N - -
  66. > WR802N - -
  67. > WR840N - -
  68. > WR841HP - -
  69. > WR841N - -
  70. > WR842N - -
  71. > WR842ND - -
  72. > WR845N - -
  73. > WR940N - -
  74. > WR941HP - -
  75. > WR945N - -
  76. > WR949N - -
  77. > WRD4300 - -
  78. >
  79. > ------------------------------------------
  80. >
  81. > [Affected Component]
  82. > Administration web server
  83. >
  84. > ------------------------------------------
  85. >
  86. > [Attack Type]
  87. > Remote
  88. >
  89. > ------------------------------------------
  90. >
  91. > [Impact Information Disclosure]
  92. > true
  93. >
  94. > ------------------------------------------
  95. >
  96. > [Attack Vectors]
  97. > The unauthorized attacker can gain login and md5-hash of password and use them to authenticate to administration panel without bruteforcing md5-hash.
  98. >
  99. > ------------------------------------------
  100. >
  101. > [Reference]
  102. > https://www.tp-link.com/us/security
  103. > https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot(201211).zip
  104. > https://tp-link.com/
  105. >
  106. > ------------------------------------------
  107. >
  108. > [Has vendor confirmed or acknowledged the vulnerability?]
  109. > true
  110. >
  111. > ------------------------------------------
  112. >
  113. > [Discoverer]
  114. > Sergey Bliznyuk and Shaposhnikov Ilya
  115.  
  116. Use CVE-2020-35575.
RAW Paste Data