Lucene search

[email protected]CVE-2022-4498

HistoryJan 11, 2023 - 9:15 p.m.

CVE-2022-4498

2023-01-1121:15:10

CWE-787

[email protected]

web.nvd.nist.gov

tp-link

archer c5

wr710n-v1

cve-2022-4498

http basic authentication

heap overflow

dos

arbitrary code execution

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.5%

JSON

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.

Affected configurations

NVD

Node

tp-linkarcher_c5_firmwareMatch2_160201_us

AND

tp-linkarcher_c5Match2.0

Node

tp-linktl-wr710n_firmwareMatch1_151022_us

AND

tp-linktl-wr710nMatch1.0

CPENameOperatorVersion
tp-link:archer_c5_firmwaretp-link archer c5 firmwareeq2_160201_us

CPE	Name	Operator	Version
tp-link:archer_c5_firmware	tp-link archer c5 firmware	eq	2_160201_us

CNA Affected

[
  {
    "vendor": "TP-Link",
    "product": "WR710N",
    "versions": [
      {
        "status": "affected",
        "version": "V1-151022"
      }
    ]
  },
  {
    "vendor": "TP-Link",
    "product": "Archer C5",
    "versions": [
      {
        "status": "affected",
        "version": "V2_160221_US"
      }
    ]
  }
]