Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- > [Suggested description]
- > A password-disclosure issue
- > in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel.
- > This affects
- > WA901ND devices before 3.16.9(201211) beta, and
- > Archer C5,
- > Archer C7,
- > MR3420,
- > MR6400,
- > WA701ND,
- > WA801ND,
- > WDR3500,
- > WDR3600,
- > WE843N,
- > WR1043ND,
- > WR1045ND,
- > WR740N,
- > WR741ND,
- > WR749N,
- > WR802N,
- > WR840N,
- > WR841HP,
- > WR841N,
- > WR842N,
- > WR842ND,
- > WR845N,
- > WR940N,
- > WR941HP,
- > WR945N,
- > WR949N, and
- > WRD4300 devices.
- >
- > ------------------------------------------
- >
- > [Additional Information]
- > TP-Link confirmed and fixed vulnerability, but they didnt confirm full routers list and didnt provide a fixed list of vulnerable devices.
- >
- > ------------------------------------------
- >
- > [Vulnerability Type]
- > Incorrect Access Control
- >
- > ------------------------------------------
- >
- > [Vendor of Product]
- > TP-Link
- >
- > ------------------------------------------
- >
- > [Affected Product Code Base]
- > Archer C5 - -
- > Archer C7 - -
- > MR3420 - -
- > MR6400 - -
- > WA701ND - -
- > WA801ND - -
- > WA901ND - fixed version: 3.16.9(201211) beta
- > WDR3500 - -
- > WDR3600 - -
- > WE843N - -
- > WR1043ND - -
- > WR1045ND - -
- > WR740N - -
- > WR741ND - -
- > WR749N - -
- > WR802N - -
- > WR840N - -
- > WR841HP - -
- > WR841N - -
- > WR842N - -
- > WR842ND - -
- > WR845N - -
- > WR940N - -
- > WR941HP - -
- > WR945N - -
- > WR949N - -
- > WRD4300 - -
- >
- > ------------------------------------------
- >
- > [Affected Component]
- > Administration web server
- >
- > ------------------------------------------
- >
- > [Attack Type]
- > Remote
- >
- > ------------------------------------------
- >
- > [Impact Information Disclosure]
- > true
- >
- > ------------------------------------------
- >
- > [Attack Vectors]
- > The unauthorized attacker can gain login and md5-hash of password and use them to authenticate to administration panel without bruteforcing md5-hash.
- >
- > ------------------------------------------
- >
- > [Reference]
- > https://www.tp-link.com/us/security
- > https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot(201211).zip
- > https://tp-link.com/
- >
- > ------------------------------------------
- >
- > [Has vendor confirmed or acknowledged the vulnerability?]
- > true
- >
- > ------------------------------------------
- >
- > [Discoverer]
- > Sergey Bliznyuk and Shaposhnikov Ilya
- Use CVE-2020-35575.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement