Lucene search

[email protected]CVE-2022-4499

HistoryJan 11, 2023 - 7:15 p.m.

CVE-2022-4499

2023-01-1119:15:10

CWE-203

[email protected]

web.nvd.nist.gov

cve-2022-4499

tp-link

archer c5

wr710n-v1

side-channel attack

httpd

vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.1%

JSON

TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password.

Affected configurations

NVD

Node

tp-linkarcher_c5_firmwareMatch2_160201_us

AND

tp-linkarcher_c5Match2.0

Node

tp-linktl-wr710n_firmwareMatch1_151022_us

AND

tp-linktl-wr710nMatch1.0

CPENameOperatorVersion
tp-link:archer_c5_firmwaretp-link archer c5 firmwareeq2_160201_us

CPE	Name	Operator	Version
tp-link:archer_c5_firmware	tp-link archer c5 firmware	eq	2_160201_us

CNA Affected

[
  {
    "vendor": "TP-Link",
    "product": "WR710N",
    "versions": [
      {
        "status": "affected",
        "version": "V1-151022"
      }
    ]
  },
  {
    "vendor": "TP-Link",
    "product": "Archer C5",
    "versions": [
      {
        "status": "affected",
        "version": "V2_160221_US"
      }
    ]
  }
]