Vulnerabilites related to tp-link - archer_c5
cve-2022-4499
Vulnerability from cvelistv5
Published
2023-01-11 18:48
Modified
2024-08-03 01:41
Severity ?
EPSS score ?
Summary
TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.cert.org/vuls/id/572615 |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:41:45.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/572615"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WR710N",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "V1-151022"
}
]
},
{
"product": "Archer C5",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "V2_160221_US"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-676",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T17:03:51.519Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/572615"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The strcmp function in TP-Link routers, Archer C5 and WR710N-V1, used for checking credentials in httpd, is susceptible to a side-channel attack.",
"x_generator": {
"engine": "VINCE 2.0.5",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2022-4499"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2022-4499",
"datePublished": "2023-01-11T18:48:41.778Z",
"dateReserved": "2022-12-14T18:09:49.250Z",
"dateUpdated": "2024-08-03T01:41:45.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-4498
Vulnerability from cvelistv5
Published
2023-01-11 20:38
Modified
2024-08-03 01:41
Severity ?
EPSS score ?
Summary
In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.cert.org/vuls/id/572615 |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:41:44.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/572615"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WR710N",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "V1-151022"
}
]
},
{
"product": "Archer C5",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "V2_160221_US"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T20:38:37.312Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/572615"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A vulnerable HTTP Basic Authentication process in TP-Link routers, Archer C5 and WR710N-V1, is susceptible to either a DoS or an arbitrary code execution via any interface.",
"x_generator": {
"engine": "VINCE 2.0.5",
"env": "prod",
"origin": "https://cveawg.mitre.org/api//cve/CVE-2022-4498"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2022-4498",
"datePublished": "2023-01-11T20:38:37.312Z",
"dateReserved": "2022-12-14T17:59:41.586Z",
"dateUpdated": "2024-08-03T01:41:44.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-9375
Vulnerability from cvelistv5
Published
2020-03-25 14:17
Modified
2024-08-04 10:26
Severity ?
EPSS score ?
Summary
TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://thewhiteh4t.github.io/2020/02/27/CVE-2020-9375-TP-Link-Archer-C50-v3-Denial-of-Service.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tp-link.com/in/support/download/archer-c50/v3/#Firmware"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156928/TP-Link-Archer-C50-V3-Denial-of-Service.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T16:06:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://thewhiteh4t.github.io/2020/02/27/CVE-2020-9375-TP-Link-Archer-C50-v3-Denial-of-Service.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tp-link.com/in/support/download/archer-c50/v3/#Firmware"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156928/TP-Link-Archer-C50-V3-Denial-of-Service.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://thewhiteh4t.github.io/2020/02/27/CVE-2020-9375-TP-Link-Archer-C50-v3-Denial-of-Service.html",
"refsource": "MISC",
"url": "https://thewhiteh4t.github.io/2020/02/27/CVE-2020-9375-TP-Link-Archer-C50-v3-Denial-of-Service.html"
},
{
"name": "https://www.tp-link.com/in/support/download/archer-c50/v3/#Firmware",
"refsource": "CONFIRM",
"url": "https://www.tp-link.com/in/support/download/archer-c50/v3/#Firmware"
},
{
"name": "http://packetstormsecurity.com/files/156928/TP-Link-Archer-C50-V3-Denial-of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156928/TP-Link-Archer-C50-V3-Denial-of-Service.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9375",
"datePublished": "2020-03-25T14:17:59",
"dateReserved": "2020-02-24T00:00:00",
"dateUpdated": "2024-08-04T10:26:16.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-19537
Vulnerability from cvelistv5
Published
2018-11-26 03:00
Modified
2024-08-05 11:37
Severity ?
EPSS score ?
Summary
TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin may be used in some cases.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/JackDoan/TP-Link-ArcherC5-RCE | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:37:11.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/JackDoan/TP-Link-ArcherC5-RCE"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin may be used in some cases."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-26T03:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JackDoan/TP-Link-ArcherC5-RCE"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin may be used in some cases."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/JackDoan/TP-Link-ArcherC5-RCE",
"refsource": "MISC",
"url": "https://github.com/JackDoan/TP-Link-ArcherC5-RCE"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19537",
"datePublished": "2018-11-26T03:00:00",
"dateReserved": "2018-11-25T00:00:00",
"dateUpdated": "2024-08-05T11:37:11.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35575
Vulnerability from cvelistv5
Published
2020-12-26 02:02
Modified
2024-08-04 17:09
Severity ?
EPSS score ?
Summary
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tp-link.com/us/security | x_refsource_MISC | |
| https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot%28201211%29.zip | x_refsource_MISC | |
| https://pastebin.com/F8AuUdck | x_refsource_MISC | |
| http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tp-link.com/us/security"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot%28201211%29.zip"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/F8AuUdck"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-24T19:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tp-link.com/us/security"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot%28201211%29.zip"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/F8AuUdck"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tp-link.com/us/security",
"refsource": "MISC",
"url": "https://www.tp-link.com/us/security"
},
{
"name": "https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot(201211).zip",
"refsource": "MISC",
"url": "https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot(201211).zip"
},
{
"name": "https://pastebin.com/F8AuUdck",
"refsource": "MISC",
"url": "https://pastebin.com/F8AuUdck"
},
{
"name": "http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35575",
"datePublished": "2020-12-26T02:02:45",
"dateReserved": "2020-12-20T00:00:00",
"dateUpdated": "2024-08-04T17:09:13.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-03-25 15:15
Modified
2024-11-21 05:40
Severity ?
Summary
TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/156928/TP-Link-Archer-C50-V3-Denial-of-Service.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://thewhiteh4t.github.io/2020/02/27/CVE-2020-9375-TP-Link-Archer-C50-v3-Denial-of-Service.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.tp-link.com/in/support/download/archer-c50/v3/#Firmware | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/156928/TP-Link-Archer-C50-V3-Denial-of-Service.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://thewhiteh4t.github.io/2020/02/27/CVE-2020-9375-TP-Link-Archer-C50-v3-Denial-of-Service.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tp-link.com/in/support/download/archer-c50/v3/#Firmware | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | archer_c50 | build_170822 | |
| tp-link | archer_c50 | build_171227 | |
| tp-link | archer_c50 | build_200318 | |
| tp-link | archer_c5 | v3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:archer_c50:build_170822:*:*:*:*:*:*:*",
"matchCriteriaId": "E4EDB0E7-E9FE-4371-917A-1258D0CF9D7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tp-link:archer_c50:build_171227:*:*:*:*:*:*:*",
"matchCriteriaId": "DE0474A9-EBA6-474E-BD3B-9F261227032F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tp-link:archer_c50:build_200318:*:*:*:*:*:*:*",
"matchCriteriaId": "5762BFD2-3B37-47A8-BBA8-F6403867881B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:archer_c5:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "C68C3693-6330-4EEE-986F-449194C06190",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field."
},
{
"lang": "es",
"value": "Dispositivos TP-Link Archer C50 versiones V3 anteriores a Build 200318 Rel. 62209, permite a atacantes remotos causar una denegaci\u00f3n de servicio por medio de un Encabezado HTTP dise\u00f1ado que contiene un campo Referer inesperado."
}
],
"id": "CVE-2020-9375",
"lastModified": "2024-11-21T05:40:30.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-25T15:15:11.680",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/156928/TP-Link-Archer-C50-V3-Denial-of-Service.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://thewhiteh4t.github.io/2020/02/27/CVE-2020-9375-TP-Link-Archer-C50-v3-Denial-of-Service.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.tp-link.com/in/support/download/archer-c50/v3/#Firmware"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/156928/TP-Link-Archer-C50-V3-Denial-of-Service.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://thewhiteh4t.github.io/2020/02/27/CVE-2020-9375-TP-Link-Archer-C50-v3-Denial-of-Service.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.tp-link.com/in/support/download/archer-c50/v3/#Firmware"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-772"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-11 21:15
Modified
2024-11-21 07:35
Severity ?
Summary
In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | https://kb.cert.org/vuls/id/572615 | Third Party Advisory, US Government Resource, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cert.org/vuls/id/572615 | Third Party Advisory, US Government Resource, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | archer_c5_firmware | 2_160201_us | |
| tp-link | archer_c5 | 2.0 | |
| tp-link | tl-wr710n_firmware | 1_151022_us | |
| tp-link | tl-wr710n | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:archer_c5_firmware:2_160201_us:*:*:*:*:*:*:*",
"matchCriteriaId": "B7CD0ED5-31F0-47CD-AC06-FA1909722F91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:archer_c5:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE42DA9-9225-4D3F-920E-DD826369FB49",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wr710n_firmware:1_151022_us:*:*:*:*:*:*:*",
"matchCriteriaId": "343FFD09-AE5D-48F3-A6A9-F28A66D3D49D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wr710n:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E936B0D-9F70-4F35-A135-6255FA6405DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution."
},
{
"lang": "es",
"value": "En los routers TP-Link, Archer C5 y WR710N-V1, que ejecutan el \u00faltimo c\u00f3digo disponible, al recibir autenticaci\u00f3n b\u00e1sica HTTP, se puede enviar al servicio httpd un paquete manipulado que provoca un desbordamiento del almacenamiento din\u00e1mico. Esto puede resultar en un DoS (al bloquear el proceso httpd) o en la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2022-4498",
"lastModified": "2024-11-21T07:35:23.057",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-11T21:15:10.213",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource",
"VDB Entry"
],
"url": "https://kb.cert.org/vuls/id/572615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource",
"VDB Entry"
],
"url": "https://kb.cert.org/vuls/id/572615"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-26 02:15
Modified
2024-11-21 05:27
Severity ?
Summary
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wa901nd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78454764-D995-4121-B5D4-7EB8D2D25C56",
"versionEndExcluding": "3.16.9\\(201211\\)_beta",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wa901nd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D360D3B-C006-4678-9D2A-2F8B133D8A51",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:archer_c5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C29C27F0-386F-46C7-A2FA-2ADE81887ABA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:archer_c5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C25DA417-60F3-4E78-A770-709E4FF04504",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:archer_c7_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C56C283F-CEB9-4DB9-B7F7-3F3C01E8BDDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:archer_c7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEDC2B7F-FB5F-4EFF-B928-98CA250CB7A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:mr3420_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F596DB1-A414-4528-A075-AEB9B4C9A836",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:mr3420:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE2F6C3-F312-489B-9688-3425D5F70B7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:mr6400_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "108C6248-A5AA-4C55-8DD3-6355C1423DA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:mr6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F28ABF89-111A-49E0-9FCF-88C73A49D4B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wa701nd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6898D0DA-977C-4274-AFE7-15949075EBF0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wa701nd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "927C2347-E983-4B56-8CEE-C38E983F5527",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wa801nd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD656094-A2F9-4E51-9011-2D36EB668BBC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wa801nd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6B1E54A-036A-4B0B-AB37-B68651234D9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wdr3500_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4A6B2A9-E063-459B-AE3B-4F54591DA0FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wdr3500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBBD8E7C-A05F-4F61-B91C-2228B1B7C989",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wdr3600_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0B6B6A-89C6-4AB5-AD7E-5B22A5A767A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wdr3600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28E797DA-B428-439E-A31C-B4E6B3BB2180",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:we843n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE110E1-D900-4A89-80F7-3B70227BCF74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:we843n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C3338F5-B1BF-4B18-A725-544F4D90BD8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr1043nd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94301AEF-B801-4BE4-AD8F-ED732680461C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr1043nd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8079B0F-1061-4DA1-B43D-1CDDB60D6DC5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr1045nd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5372D0C1-B2A8-4A83-BB88-3C3D97C4C5BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr1045nd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2F5D576-CC51-4D18-B9FC-75496CFB85EC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr740n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE51163-C290-4C5D-A187-5AC3933CCD93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr740n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF514269-E922-4F2B-9A14-B99AA66C5BDE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr741nd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DCD1B98-1A1F-45CF-AD3A-78F45E8D14F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr741nd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87251418-A84D-4BA2-A016-349E980BD04E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr749n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3850BA2F-EE3C-4C44-A26F-353E46E40077",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr749n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E290F2A8-C798-49F7-A560-CCEC8BCF3861",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr802n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91EF60F7-D1B5-4A21-97C1-91E902CD02D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr802n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02D02C2D-AEF5-4B53-AA4F-43884D604F7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr840n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E3355F6-8EAF-43DD-A946-7492C63E2805",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr840n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D05124E-DAD8-4F65-804C-4BBD0AA2637F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr841hp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B88EDFD-0DFF-43C6-99BE-73EB321016EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr841hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C9B9EA-D52D-47E5-841F-279CA21C5992",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr841n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3885AABC-674C-4C11-8749-20949AD3A9D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr841n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFE54BD8-2B60-41D1-B9A7-7DF60E855120",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr842n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C871979-0156-4BEB-AFB2-976D8213D6A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr842n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89313A6F-A222-490E-9A31-2E4E71B4F789",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr842nd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1D5E20-2D4D-4CBC-A97A-F6AB52575049",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr842nd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDE2A50B-197D-4FBE-980E-775D5947FF5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr845n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2B244B-B379-4FAE-B9A2-2A0B7E6F068E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr845n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57E0FBB1-8836-4F77-BB29-E332073F90FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr940n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B954DE5B-3D99-43B6-8BC2-67E37581E911",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr940n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "839BE14B-F80C-4788-94ED-E6D7FC3BE290",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr941hp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C584EB85-EC07-44BE-A7F3-EF164955670A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr941hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC75F36-DD1D-4152-9583-105C1BDC6A2D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr945n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2423E4EB-547B-47C2-9238-47428375BD97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr945n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3F2019-E1AB-4EEA-951F-1C9EEFE52506",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wr949n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A83783-C56D-49F9-8D81-69D2C5AB3633",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wr949n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71BA5B32-2AA9-4462-BFF5-AF4958CDDCE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:wrd4300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03F3ABE3-5679-4898-8C72-C084FC4D9DD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:wrd4300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42E905BF-2020-44B3-A742-8E50A0DE1373",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices."
},
{
"lang": "es",
"value": "Un problema de divulgaci\u00f3n de contrase\u00f1a en la interfaz web de determinados dispositivos TP-Link permite a un atacante remoto obtener acceso administrativo completo al panel web.\u0026#xa0;Esto afecta a los dispositivos WA901ND versiones anteriores a 3.16.9(201211) beta, y los dispositivos Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR840249N, WR840249N, Dispositivos WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N y WRD4300"
}
],
"id": "CVE-2020-35575",
"lastModified": "2024-11-21T05:27:36.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-26T02:15:12.870",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://pastebin.com/F8AuUdck"
},
{
"source": "cve@mitre.org",
"url": "https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot%28201211%29.zip"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tp-link.com/us/security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163274/TP-Link-TL-WR841N-Command-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://pastebin.com/F8AuUdck"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://static.tp-link.com/2020/202012/20201214/wa901ndv5_eu_3_16_9_up_boot%28201211%29.zip"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tp-link.com/us/security"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-26 03:29
Modified
2024-11-21 03:58
Severity ?
Summary
TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin may be used in some cases.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/JackDoan/TP-Link-ArcherC5-RCE | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/JackDoan/TP-Link-ArcherC5-RCE | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | archer_c5_firmware | * | |
| tp-link | archer_c5 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:archer_c5_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB5DA29F-D7E5-431E-8226-BFEFB756B586",
"versionEndIncluding": "2_160201_us",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:archer_c5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C25DA417-60F3-4E78-A770-709E4FF04504",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin may be used in some cases."
},
{
"lang": "es",
"value": "Los dispositivos TP-Link Archer C5 hasta la versi\u00f3n V2_160201_US permiten la ejecuci\u00f3n de comandos mediante metacaracteres shell en la l\u00ednea wan_dyn_hostname de un archivo de configuraci\u00f3n cifrado con la clave 478DA50BF9E3D2CF y subido mediante la interfaz de la web a trav\u00e9s de la cuenta web de administraci\u00f3n. En algunos casos se podr\u00eda utilizar la contrase\u00f1a admin por defecto."
}
],
"id": "CVE-2018-19537",
"lastModified": "2024-11-21T03:58:07.083",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-26T03:29:00.253",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/JackDoan/TP-Link-ArcherC5-RCE"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/JackDoan/TP-Link-ArcherC5-RCE"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-11 19:15
Modified
2024-11-21 07:35
Severity ?
Summary
TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | https://kb.cert.org/vuls/id/572615 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cert.org/vuls/id/572615 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | archer_c5_firmware | 2_160201_us | |
| tp-link | archer_c5 | 2.0 | |
| tp-link | tl-wr710n_firmware | 1_151022_us | |
| tp-link | tl-wr710n | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:archer_c5_firmware:2_160201_us:*:*:*:*:*:*:*",
"matchCriteriaId": "B7CD0ED5-31F0-47CD-AC06-FA1909722F91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:archer_c5:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE42DA9-9225-4D3F-920E-DD826369FB49",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wr710n_firmware:1_151022_us:*:*:*:*:*:*:*",
"matchCriteriaId": "343FFD09-AE5D-48F3-A6A9-F28A66D3D49D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wr710n:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E936B0D-9F70-4F35-A135-6255FA6405DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password."
},
{
"lang": "es",
"value": "Los routers TP-Link, Archer C5 y WR710N-V1, que utilizan el software m\u00e1s reciente, la funci\u00f3n strcmp utilizada para verificar las credenciales en httpd, son susceptibles a un ataque de canal lateral. Al medir el tiempo de respuesta del proceso httpd, un atacante podr\u00eda adivinar cada byte del nombre de usuario y la contrase\u00f1a."
}
],
"id": "CVE-2022-4499",
"lastModified": "2024-11-21T07:35:23.177",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-11T19:15:10.170",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://kb.cert.org/vuls/id/572615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://kb.cert.org/vuls/id/572615"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}