CVE-2022-4498 A vulnerable HTTP Basic Authentication process in TP-Link routers, Archer C5 and WR710N-V1, is susceptible to either a DoS or an arbitrary code execution via any interface.

2023-01-1120:38:37

certcc

www.cve.org

tp-link

router vulnerability

http basic authentication

denial of service

arbitrary code execution

AI Score

9.9

Confidence

High

EPSS

0.002

Percentile

60.4%

JSON

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.

CNA Affected

[
  {
    "vendor": "TP-Link",
    "product": "WR710N",
    "versions": [
      {
        "status": "affected",
        "version": "V1-151022"
      }
    ]
  },
  {
    "vendor": "TP-Link",
    "product": "Archer C5",
    "versions": [
      {
        "status": "affected",
        "version": "V2_160221_US"
      }
    ]
  }
]

References

kb.cert.org/vuls/id/572615