CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
72.5%
TP-Link router WR710N-V1-151022 running firmware published 2015-10-22 and Archer-C5-V2-160201 running firmware published 2016-02-01 are susceptible to two vulnerabilities:
TP-Link device WR710N-V1-151022 is a 150Mbps Wireless N Mini Pocket router, and Archer-C5-V2-160201 is a Wireless Dual Band Gigabit router. These SOHO devices are sold by TP-Link and their latest firmware available as of January 11, 2023, have two vulnerabilities.
CVE-2022-4498 When receiving user input during HTTP Basic Authentication mode, a crafted packet may cause a heap overflow in the httpd daemon. This can lead to denial of service (DoS) if the httpd process crashes or arbitrary remote code execution (RCE).
CVE-2022-4499 A strcmp() function in httpd, is susceptible to a side-channel attack when used to verify usename and password credentials. By measuring the response time of the vulnerable process, each byte of the username and password strings may be easier to guess.
The two different vulnerabilities have unrelated impacts. The first vulnerability is a heap-based buffer overflow that can cause a crash or allow for arbitrary remote code execution. The second vulnerability is an information disclosure issue where the function used by the httpd process may allow an attacker to guess each byte of a username and password deterministically.
The CERT/CC is currently unaware of a practical solution to this problem.
Thanks to the reporter, Jonathan Bar of Microsoft, for responsibly disclosing these issues.
This document was written by Timur Snoke.
572615
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Notified: 2022-11-02 Updated: 2023-01-20 CVE-2022-4498 | Unknown |
---|---|
CVE-2022-4499 | Unknown |
We have not received a statement from the vendor.
We have not received a statement from the vendor.
CVE IDs: | CVE-2022-4498 CVE-2022-4499 |
---|---|
API URL: | VINCE JSON |
Date Public: | 2023-01-17 Date First Published: |