Cyber Resilience

CVE-2015-3035

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 22 April 2015

Published
22 April 2015
Modified
21 April 2026
KEV Added
25 March 2022
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.9245 99.7th percentile
Risk Priority 90 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2015-3035 is a high-severity Path Traversal (CWE-22) vulnerability in Tp-Link Tl-Wr841N Firmware. Its CVSS base score is 7.5 (High).

Operationally, ranked in the top 0.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2015-3035 is a directory traversal vulnerability (CWE-22) affecting multiple TP-LINK router models, including the Archer C5 (v1.2) with firmware prior to 150317, Archer C7 (v2.0) prior to 150304, Archer C8 (v1.0) prior to 150316, Archer C9 (v1.0), TL-WDR3500/3600/4300 (v1.0) prior to 150302, TL-WR740N/741ND (v5.0) prior to 150312, and TL-WR841N/ND (v9.0/10.0) prior to 150310. The flaw resides in the handling of the login/ endpoint, where a path traversal sequence in PATH_INFO permits access to files outside the intended web root.

Unauthenticated remote attackers can exploit the issue over the network by supplying crafted requests containing dot-dot sequences, resulting in disclosure of arbitrary files stored on the device with high confidentiality impact and no requirement for authentication or user interaction.

Vendor firmware updates addressing the affected models are referenced in the TP-LINK download archives and public disclosures on Packet Storm and Full Disclosure lists; applying the listed firmware revisions (such as 150317 for Archer C5) eliminates the traversal vector. No details on in-the-wild exploitation are provided in the source references.

EU & UK References

Vulnerability details

Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N…

more

(5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.

CWE(s)
KEV Date Added
25 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

tp-link
tl-wr741nd firmware
≤ 150312
tp-link
tl-wr841n firmware
≤ 150310 · ≤ 150310
tp-link
tl-wr740n firmware
≤ 150312
tp-link
archer c5 firmware
≤ 150317
tp-link
tl-wdr3600 firmware
≤ 150302
tp-link
archer c7 firmware
≤ 150304
tp-link
tl-wr841nd firmware
≤ 150310 · ≤ 150310
tp-link
archer c9 firmware
≤ 150302
tp-link
archer c8 firmware
≤ 150316
tp-link
tl-wdr4300 firmware
≤ 150302
+1 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly blocks the dot-dot PATH_INFO sequences that enable the directory traversal on the login/ endpoint.

prevent

Enforces access restrictions so unauthenticated requests cannot read arbitrary files outside the web root.

prevent

Requires timely application of the vendor firmware revisions that close the traversal vector in the affected TP-LINK models.

References