Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to the help/ URI.
Published 2012-11-01 10:44:48
Updated 2017-08-29 01:32:44
Source MITRE
Vulnerability category: Directory traversal

Exploit prediction scoring system (EPSS) score for CVE-2012-5687

Probability of exploitation activity in the next 30 days: 2.95%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 90 %

Metasploit modules for CVE-2012-5687

  • TP-Link Wireless Lite N Access Point Directory Traversal Vulnerability
    First seen: 2020-04-26
    auxiliary/scanner/http/tplink_traversal_noauth
    This module tests whether a directory traversal vulnerability is present in versions of TP-Link Access Point 3.12.16 Build 120228 Rel.37317n.
    Authors: Michael Messner <devnull@s3cur1ty.de>

CVSS scores for CVE-2012-5687

Base Score: 7.8
Base Severity: HIGH
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Exploitability Score: 10.0
Impact Score: 6.9
Score Source: NIST

CWE ids for CVE-2012-5687

  • The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
    Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-5687

Products affected by CVE-2012-5687
