Details of VAR-202012-1159

ID

VAR-202012-1159

CVE

CVE-2020-35575

TITLE

plural TP-LINK Technologies Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-018228

DESCRIPTION

A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices. TP-LINK Technologies There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2020-35575 // JVNDB: JVNDB-2020-018228 // VULMON: CVE-2020-35575

AFFECTED PRODUCTS

vendor:	tp link	model:	wr802n	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr1045nd	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr949n	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wa701nd	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wdr3600	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr945n	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr941hp	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	archer c7	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr1043nd	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr841hp	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr740n	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr845n	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	mr3420	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	mr6400	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wrd4300	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wdr3500	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wa801nd	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wa901nd	scope:	lt	version:	3.16.9\(201211\)_beta	Trust: 1.0
vendor:	tp link	model:	wr741nd	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	we843n	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr842nd	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr841n	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	archer c5	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr940n	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr840n	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr842n	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wr749n	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	mr3420	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	wr741nd	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	wdr3600	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	we843n	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	wa701nd	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	wa901nd	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	mr6400	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	wr1045nd	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	wr840n	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	wr749n	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	wr841n	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	archer c5	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	wr802n	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	wa801nd	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	wr1043nd	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	archer c7	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	wr841hp	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	wdr3500	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	wr740n	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	wr842n	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-018228 // NVD: CVE-2020-35575

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-35575
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2020-35575
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202012-1558
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2020-35575
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-35575
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2020-35575
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-35575
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2020-35575 // JVNDB: JVNDB-2020-018228 // CNNVD: CNNVD-202012-1558 // NVD: CVE-2020-35575

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-018228 // NVD: CVE-2020-35575

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-1558

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202012-1558

PATCH

title:

Multiple Tp-Link Repair measures for router product information leakage vulnerability

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138203

Trust: 0.6

sources: CNNVD: CNNVD-202012-1558

EXTERNAL IDS

db:	NVD	id:	CVE-2020-35575	Trust: 3.3
db:	PACKETSTORM	id:	163274	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-018228	Trust: 0.8
db:	EXPLOIT-DB	id:	50058	Trust: 0.6
db:	CNNVD	id:	CNNVD-202012-1558	Trust: 0.6
db:	VULMON	id:	CVE-2020-35575	Trust: 0.1

sources: VULMON: CVE-2020-35575 // JVNDB: JVNDB-2020-018228 // CNNVD: CNNVD-202012-1558 // NVD: CVE-2020-35575

REFERENCES

url:	http://packetstormsecurity.com/files/163274/tp-link-tl-wr841n-command-injection.html	Trust: 3.2
url:	https://pastebin.com/f8auudck	Trust: 2.5
url:	https://www.tp-link.com/us/security	Trust: 2.5
url:	https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot%28201211%29.zip	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35575	Trust: 1.4
url:	https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot(201211).zip	Trust: 0.7
url:	https://www.exploit-db.com/exploits/50058	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2020-35575 // JVNDB: JVNDB-2020-018228 // CNNVD: CNNVD-202012-1558 // NVD: CVE-2020-35575

SOURCES

db:	VULMON	id:	CVE-2020-35575
db:	JVNDB	id:	JVNDB-2020-018228
db:	CNNVD	id:	CNNVD-202012-1558
db:	NVD	id:	CVE-2020-35575

LAST UPDATE DATE

2024-11-23T22:05:18.002000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-35575	date:	2021-09-07T00:00:00
db:	JVNDB	id:	JVNDB-2020-018228	date:	2024-07-18T01:07:00
db:	CNNVD	id:	CNNVD-202012-1558	date:	2021-06-28T00:00:00
db:	NVD	id:	CVE-2020-35575	date:	2024-11-21T05:27:36.917

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-35575	date:	2020-12-26T00:00:00
db:	JVNDB	id:	JVNDB-2020-018228	date:	2024-07-18T00:00:00
db:	CNNVD	id:	CNNVD-202012-1558	date:	2020-12-25T00:00:00
db:	NVD	id:	CVE-2020-35575	date:	2020-12-26T02:15:12.870