Lucene search

[email protected]NVD:CVE-2022-4498

HistoryJan 11, 2023 - 9:15 p.m.

CVE-2022-4498

2023-01-1121:15:10

CWE-787

[email protected]

web.nvd.nist.gov

tp-link routers

archer c5

wr710n-v1

httpd service

heap overflow

crafted packet

http basic authentication

dos

arbitrary code execution

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.002

Percentile

60.4%

JSON

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.

Affected configurations

Nvd

Node

tp-linkarcher_c5_firmwareMatch2_160201_us

AND

tp-linkarcher_c5Match2.0

Node

tp-linktl-wr710n_firmwareMatch1_151022_us

AND

tp-linktl-wr710nMatch1.0

VendorProductVersionCPE
tp-linkarcher_c5_firmware2_160201_uscpe:2.3:o:tp-link:archer_c5_firmware:2_160201_us:*:*:*:*:*:*:*
tp-linkarcher_c52.0cpe:2.3:h:tp-link:archer_c5:2.0:*:*:*:*:*:*:*
tp-linktl-wr710n_firmware1_151022_uscpe:2.3:o:tp-link:tl-wr710n_firmware:1_151022_us:*:*:*:*:*:*:*
tp-linktl-wr710n1.0cpe:2.3:h:tp-link:tl-wr710n:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tp-link	archer_c5_firmware	2_160201_us	cpe:2.3:o:tp-link:archer_c5_firmware:2_160201_us:::::::*
tp-link	archer_c5	2.0	cpe:2.3:h:tp-link:archer_c5:2.0:::::::*
tp-link	tl-wr710n_firmware	1_151022_us	cpe:2.3:o:tp-link:tl-wr710n_firmware:1_151022_us:::::::*
tp-link	tl-wr710n	1.0	cpe:2.3:h:tp-link:tl-wr710n:1.0:::::::*