CVE-2015-3035

Name: CVE-2015-3035
Creator: NVD / NIST
Published: 2015-04-22T01:59:02.553+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10Actively ExploitedEPSS 83.77%

Last modified Jun 17, 2026

CVE-2015-3035 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.. CISA has confirmed active exploitation in the wild. EPSS estimates a 83.77% chance of exploitation in the next 30 days.

Description

Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

83.77%

99.7th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Apr 15, 2022.

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Tp-Link	Tl-Wr741nd Firmware	< 150312
Tp-Link	Tl-Wr841n Firmware	< 150310
Tp-Link	Tl-Wr740n Firmware	< 150312
Tp-Link	Archer C5 Firmware	< 150317
Tp-Link	Tl-Wdr3600 Firmware	< 150302
Tp-Link	Archer C7 Firmware	< 150304
Tp-Link	Tl-Wr841nd Firmware	< 150310
Tp-Link	Archer C9 Firmware	< 150302
Tp-Link	Archer C8 Firmware	< 150316
Tp-Link	Tl-Wdr4300 Firmware	< 150302
Tp-Link	Tl-Wdr3500 Firmware	< 150302

References

http://packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.htmlExploit, Third Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2015/Apr/26Exploit, Mailing List, Third Party Advisory
http://www.securityfocus.com/archive/1/535240/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/74050Broken Link, Third Party Advisory, VDB Entry
http://www.tp-link.com/en/download/Archer-C5_V1.20.html#FirmwareProduct
http://www.tp-link.com/en/download/Archer-C7_V2.html#FirmwareProduct
http://www.tp-link.com/en/download/Archer-C8_V1.html#FirmwareProduct
http://www.tp-link.com/en/download/Archer-C9_V1.html#FirmwareProduct
http://www.tp-link.com/en/download/TL-WDR3500_V1.html#FirmwareProduct
http://www.tp-link.com/en/download/TL-WDR3600_V1.html#FirmwareProduct
http://www.tp-link.com/en/download/TL-WDR4300_V1.html#FirmwareProduct
http://www.tp-link.com/en/download/TL-WR740N_V5.html#FirmwareProduct
http://www.tp-link.com/en/download/TL-WR741ND_V5.html#FirmwareProduct
http://www.tp-link.com/en/download/TL-WR841ND_V9.html#FirmwareProduct
http://www.tp-link.com/en/download/TL-WR841N_V9.html#FirmwareProduct
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150410-0_TP-Link_Unauthenticated_local_file_disclosure_vulnerability_v10.txtExploit, Not Applicable
http://packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.htmlExploit, Third Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2015/Apr/26Exploit, Mailing List, Third Party Advisory
http://www.securityfocus.com/archive/1/535240/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/74050Broken Link, Third Party Advisory, VDB Entry
http://www.tp-link.com/en/download/Archer-C5_V1.20.html#FirmwareProduct
http://www.tp-link.com/en/download/Archer-C7_V2.html#FirmwareProduct
http://www.tp-link.com/en/download/Archer-C8_V1.html#FirmwareProduct
http://www.tp-link.com/en/download/Archer-C9_V1.html#FirmwareProduct
http://www.tp-link.com/en/download/TL-WDR3500_V1.html#FirmwareProduct
http://www.tp-link.com/en/download/TL-WDR3600_V1.html#FirmwareProduct
http://www.tp-link.com/en/download/TL-WDR4300_V1.html#FirmwareProduct
http://www.tp-link.com/en/download/TL-WR740N_V5.html#FirmwareProduct
http://www.tp-link.com/en/download/TL-WR741ND_V5.html#FirmwareProduct
http://www.tp-link.com/en/download/TL-WR841ND_V9.html#FirmwareProduct
http://www.tp-link.com/en/download/TL-WR841N_V9.html#FirmwareProduct
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150410-0_TP-Link_Unauthenticated_local_file_disclosure_vulnerability_v10.txtExploit, Not Applicable
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-3035US Government Resource

Timeline

Published: Apr 22, 2015
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2015-3035?

How severe is CVE-2015-3035?

CVE-2015-3035 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 83.77% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2015-3035?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-3035?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST