Lucene search
K

8 matches found

BDU FSTEC
BDU FSTEC
added 2023/02/15 12:0 a.m.10 views

The vulnerability in the strcmp() function of the httpd daemon of the microprogrammed router software for TP-Link Archer C5 version 2 and TP-Link WR710N version 1 allows a hacker to gain unauthorized access to protected information.

The vulnerability of the strcmp function in the httpd daemon of TP-Link Archer C5 version 2 and TP-Link WR710N version 1 is related to the creation of a secondary synchronization channel due to time differences. Exploiting this vulnerability can allow an attacker to gain unauthorized access to...

6.4CVSS7.5AI score0.00709EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2023/01/11 9:15 p.m.63 views

CVE-2022-4498

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS by crashing the httpd process or an arbitrary code execution...

9.8CVSS9.7AI score0.01781EPSS
Exploits0References2
Prion
Prion
added 2023/01/11 9:15 p.m.21 views

Heap overflow

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS by crashing the httpd process or an arbitrary code execution...

7.5CVSS9.7AI score0.01781EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2023/01/11 8:38 p.m.106 views

CVE-2022-4498

CVE-2022-4498 affects TP-Link WR710N-V1-151022 and Archer C5-V2-160201 via the httpd daemon. A crafted HTTP Basic Authentication input can trigger a heap overflow in httpd, yielding either a DoS (crash) or arbitrary code execution on affected devices. Public sources (CERT/CC and NVD entries) corr...

9.8CVSS9.7AI score0.01781EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/01/11 7:15 p.m.6 views

CVE-2022-4499

TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password...

7.5CVSS5.8AI score0.00709EPSS
Exploits0References2
CVE
CVE
added 2023/01/11 6:48 p.m.72 views

CVE-2022-4499

CVE-2022-4499 affects TP-Link WR710N-V1-151022 and Archer C5-V2-160201 (TP-Link routers). The vulnerability arises from a side-channel attack on the httpd process, specifically a strcmp() used to verify credentials, allowing an attacker to deterministically guess each byte of the username and pas...

7.5CVSS7.5AI score0.00709EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/01/11 6:48 p.m.45 views

CVE-2022-4499 The strcmp function in TP-Link routers, Archer C5 and WR710N-V1, used for checking credentials in httpd, is susceptible to a side-channel attack.

TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password...

8.2AI score0.00709EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/12/14 12:0 a.m.7 views

PT-2022-6284 · Tp Link · Tp-Link Archer C5 +1

Name of the Vulnerable Software and Affected Versions: TP-Link Archer C5 version 2 TP-Link WR710N version 1 Description: The issue is related to the strcmp function used for checking credentials in the httpd process of TP-Link routers. This function is susceptible to a side-channel attack, where ...

7.5CVSS7.4AI score0.00709EPSS
Exploits0References12
Rows per page
Query Builder