CVE-2012-5687
published 2012-11-01CVE-2012-5687: Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier…
PriorityP268high7.8CVSS 2.0
AVNACLAuNCCINAN
EXPLOIT
EPSS
68.72%
99.3th percentile
Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to the help/ URI.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tp-link | tl-wr841n_firmware | <= 3.13.9 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect unauthenticated HTTP GET requests containing path traversal sequences (../) targeting the /help/ URI on TP-Link devices ↗
- →No authentication is required to exploit the directory traversal; flag any GET /help/../../ requests from unauthenticated sources ↗
- →Alert on HTTP responses from TP-LINK Router servers returning /etc/passwd content (e.g., root:x:0:0 strings) in response body ↗
- →Monitor for HTTP GET requests to /userRpm/ChangeLoginPwdRpm.htm with credentials passed as plaintext query parameters (oldname, oldpassword, newname, newpassword) ↗
- →Use the Metasploit auxiliary module tplink_traversal_noauth to scan for vulnerable TP-Link access points running firmware 3.12.16 Build 120228 Rel.37317n ↗
- →Use the Nmap NSE script http-tplink-dir-traversal.nse to detect vulnerable TP-Link devices ↗
- ·Vulnerability affects TP-LINK TL-WR841N firmware 3.13.9 build 120201 Rel.54965n and earlier; also confirmed on TL-WA701N/TL-WA701ND firmware 3.12.6 Build 110210 Rel.37112n and 3.12.16 Build 120228 Rel.37317n ↗
- ·No known patch or firmware fix was available at time of disclosure ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
TP-Link TL-WA701N / TL-WA701ND - Multiple Vulnerabilities
exploitdb·2013-02-15
CVE-2012-6276 TP-Link TL-WA701N / TL-WA701ND - Multiple Vulnerabilities
TP-Link TL-WA701N / TL-WA701ND - Multiple Vulnerabilities
---
Device Name: TL-WA701N / TL-WA701ND
Vendor: TP-Link
============ Vulnerable Firmware Releases: ============
Firmware Version: 3.12.6 Build 110210 Rel.37112n
Firmware Version: 3.12.16 Build 120228 Rel.37317n - Published Date 2/28/2012
Hardware Version: WA701N v1 00000000
Model No.: TL-WA701N / TL-WA701ND
Firmware download: http://www.tp-link.com/en/support/download/?model=TL-WA701ND&version=V1
============ Vulnerability Overview: ============
* Directory Traversal:
Access local files of the device. For example you could read /etc/passwd and /etc/shadow.
Request:
GET /help/../../etc/passwd HTTP/1.1
Host: 192.168.178.2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1
Accept: text/html,
Metasploit
TP-Link Wireless Lite N Access Point Directory Traversal Vulnerability
metasploit
TP-Link Wireless Lite N Access Point Directory Traversal Vulnerability
TP-Link Wireless Lite N Access Point Directory Traversal Vulnerability
This module tests whether a directory traversal vulnerability is present in versions of TP-Link Access Point 3.12.16 Build 120228 Rel.37317n.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2012-10/0154.htmlhttp://archives.neohapsis.com/archives/bugtraq/2012-10/0154.htmlhttp://packetstormsecurity.org/files/117749/TP-LINK-TL-WR841N-Local-File-Inclusion.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/79662http://archives.neohapsis.com/archives/bugtraq/2012-10/0154.htmlhttp://archives.neohapsis.com/archives/bugtraq/2012-10/0154.htmlhttp://packetstormsecurity.org/files/117749/TP-LINK-TL-WR841N-Local-File-Inclusion.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/79662
2012-11-01
Published