cbcvebase.
CVE-2012-5687
published 2012-11-01

CVE-2012-5687: Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier…

PriorityP268high7.8CVSS 2.0
AVNACLAuNCCINAN
EXPLOIT
EPSS
68.72%
99.3th percentile
Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to the help/ URI.

Affected

1 ranges
VendorProductVersion rangeFixed in
tp-linktl-wr841n_firmware<= 3.13.9

Detection & IOCsextracted from sources · hover to see the quote

urlGET /help/../../etc/passwd HTTP/1.1
path/help/../../etc/passwd
path/help/
  • Detect unauthenticated HTTP GET requests containing path traversal sequences (../) targeting the /help/ URI on TP-Link devices
  • No authentication is required to exploit the directory traversal; flag any GET /help/../../ requests from unauthenticated sources
  • Alert on HTTP responses from TP-LINK Router servers returning /etc/passwd content (e.g., root:x:0:0 strings) in response body
  • Monitor for HTTP GET requests to /userRpm/ChangeLoginPwdRpm.htm with credentials passed as plaintext query parameters (oldname, oldpassword, newname, newpassword)
  • Use the Metasploit auxiliary module tplink_traversal_noauth to scan for vulnerable TP-Link access points running firmware 3.12.16 Build 120228 Rel.37317n
  • Use the Nmap NSE script http-tplink-dir-traversal.nse to detect vulnerable TP-Link devices
  • ·Vulnerability affects TP-LINK TL-WR841N firmware 3.13.9 build 120201 Rel.54965n and earlier; also confirmed on TL-WA701N/TL-WA701ND firmware 3.12.6 Build 110210 Rel.37112n and 3.12.16 Build 120228 Rel.37317n
  • ·No known patch or firmware fix was available at time of disclosure
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.