CVE-2015-3035 — TP-Link Multiple Archer Devices

TP-Link Multiple Archer Devices Directory Traversal Vulnerability

Added to KEV

2022-03-25

Federal due date

2022-04-15

Vendor

TP-Link

Product

Multiple Archer Devices

EPSS

99.8th percentile (score 0.927, as of 2026-06-08)

NVD CVSS v3.1

—

Ransomware use

Unknown

Upstream

https://nvd.nist.gov/vuln/detail/CVE-2015-3035

CISA short description

Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.

Required action

Apply updates per vendor instructions.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.