Search criteria
6 vulnerabilities found for tl-wr710n_firmware by tp-link
FKIE_CVE-2022-4498
Vulnerability from fkie_nvd - Published: 2023-01-11 21:15 - Updated: 2025-11-04 20:16
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | https://kb.cert.org/vuls/id/572615 | Third Party Advisory, US Government Resource, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cert.org/vuls/id/572615 | Third Party Advisory, US Government Resource, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/572615 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | archer_c5_firmware | 2_160201_us | |
| tp-link | archer_c5 | 2.0 | |
| tp-link | tl-wr710n_firmware | 1_151022_us | |
| tp-link | tl-wr710n | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:archer_c5_firmware:2_160201_us:*:*:*:*:*:*:*",
"matchCriteriaId": "B7CD0ED5-31F0-47CD-AC06-FA1909722F91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:archer_c5:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE42DA9-9225-4D3F-920E-DD826369FB49",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wr710n_firmware:1_151022_us:*:*:*:*:*:*:*",
"matchCriteriaId": "343FFD09-AE5D-48F3-A6A9-F28A66D3D49D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wr710n:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E936B0D-9F70-4F35-A135-6255FA6405DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution."
},
{
"lang": "es",
"value": "En los routers TP-Link, Archer C5 y WR710N-V1, que ejecutan el \u00faltimo c\u00f3digo disponible, al recibir autenticaci\u00f3n b\u00e1sica HTTP, se puede enviar al servicio httpd un paquete manipulado que provoca un desbordamiento del almacenamiento din\u00e1mico. Esto puede resultar en un DoS (al bloquear el proceso httpd) o en la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2022-4498",
"lastModified": "2025-11-04T20:16:15.240",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-01-11T21:15:10.213",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource",
"VDB Entry"
],
"url": "https://kb.cert.org/vuls/id/572615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource",
"VDB Entry"
],
"url": "https://kb.cert.org/vuls/id/572615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.kb.cert.org/vuls/id/572615"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-4499
Vulnerability from fkie_nvd - Published: 2023-01-11 19:15 - Updated: 2025-11-04 20:16
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password.
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | https://kb.cert.org/vuls/id/572615 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cert.org/vuls/id/572615 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/572615 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | archer_c5_firmware | 2_160201_us | |
| tp-link | archer_c5 | 2.0 | |
| tp-link | tl-wr710n_firmware | 1_151022_us | |
| tp-link | tl-wr710n | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:archer_c5_firmware:2_160201_us:*:*:*:*:*:*:*",
"matchCriteriaId": "B7CD0ED5-31F0-47CD-AC06-FA1909722F91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:archer_c5:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE42DA9-9225-4D3F-920E-DD826369FB49",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wr710n_firmware:1_151022_us:*:*:*:*:*:*:*",
"matchCriteriaId": "343FFD09-AE5D-48F3-A6A9-F28A66D3D49D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wr710n:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E936B0D-9F70-4F35-A135-6255FA6405DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password."
},
{
"lang": "es",
"value": "Los routers TP-Link, Archer C5 y WR710N-V1, que utilizan el software m\u00e1s reciente, la funci\u00f3n strcmp utilizada para verificar las credenciales en httpd, son susceptibles a un ataque de canal lateral. Al medir el tiempo de respuesta del proceso httpd, un atacante podr\u00eda adivinar cada byte del nombre de usuario y la contrase\u00f1a."
}
],
"id": "CVE-2022-4499",
"lastModified": "2025-11-04T20:16:15.397",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-01-11T19:15:10.170",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://kb.cert.org/vuls/id/572615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://kb.cert.org/vuls/id/572615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.kb.cert.org/vuls/id/572615"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-4498 (GCVE-0-2022-4498)
Vulnerability from cvelistv5 – Published: 2023-01-11 20:38 – Updated: 2025-11-04 19:14
VLAI?
Summary
In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.
Severity ?
9.8 (Critical)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:14:14.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/572615"
},
{
"url": "https://www.kb.cert.org/vuls/id/572615"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-4498",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T14:14:59.035196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T14:15:15.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WR710N",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "V1-151022"
}
]
},
{
"product": "Archer C5",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "V2_160221_US"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T20:38:37.312Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/572615"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A vulnerable HTTP Basic Authentication process in TP-Link routers, Archer C5 and WR710N-V1, is susceptible to either a DoS or an arbitrary code execution via any interface.",
"x_generator": {
"engine": "VINCE 2.0.5",
"env": "prod",
"origin": "https://cveawg.mitre.org/api//cve/CVE-2022-4498"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2022-4498",
"datePublished": "2023-01-11T20:38:37.312Z",
"dateReserved": "2022-12-14T17:59:41.586Z",
"dateUpdated": "2025-11-04T19:14:14.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-4499 (GCVE-0-2022-4499)
Vulnerability from cvelistv5 – Published: 2023-01-11 18:48 – Updated: 2025-11-04 19:14
VLAI?
Summary
TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password.
Severity ?
7.5 (High)
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:14:15.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/572615"
},
{
"url": "https://www.kb.cert.org/vuls/id/572615"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-4499",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T13:40:07.571499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T13:40:37.438Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WR710N",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "V1-151022"
}
]
},
{
"product": "Archer C5",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "V2_160221_US"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-676",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T17:03:51.519Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/572615"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The strcmp function in TP-Link routers, Archer C5 and WR710N-V1, used for checking credentials in httpd, is susceptible to a side-channel attack.",
"x_generator": {
"engine": "VINCE 2.0.5",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2022-4499"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2022-4499",
"datePublished": "2023-01-11T18:48:41.778Z",
"dateReserved": "2022-12-14T18:09:49.250Z",
"dateUpdated": "2025-11-04T19:14:15.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-4498 (GCVE-0-2022-4498)
Vulnerability from nvd – Published: 2023-01-11 20:38 – Updated: 2025-11-04 19:14
VLAI?
Summary
In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.
Severity ?
9.8 (Critical)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:14:14.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/572615"
},
{
"url": "https://www.kb.cert.org/vuls/id/572615"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-4498",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T14:14:59.035196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T14:15:15.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WR710N",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "V1-151022"
}
]
},
{
"product": "Archer C5",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "V2_160221_US"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T20:38:37.312Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/572615"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A vulnerable HTTP Basic Authentication process in TP-Link routers, Archer C5 and WR710N-V1, is susceptible to either a DoS or an arbitrary code execution via any interface.",
"x_generator": {
"engine": "VINCE 2.0.5",
"env": "prod",
"origin": "https://cveawg.mitre.org/api//cve/CVE-2022-4498"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2022-4498",
"datePublished": "2023-01-11T20:38:37.312Z",
"dateReserved": "2022-12-14T17:59:41.586Z",
"dateUpdated": "2025-11-04T19:14:14.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-4499 (GCVE-0-2022-4499)
Vulnerability from nvd – Published: 2023-01-11 18:48 – Updated: 2025-11-04 19:14
VLAI?
Summary
TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password.
Severity ?
7.5 (High)
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:14:15.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/572615"
},
{
"url": "https://www.kb.cert.org/vuls/id/572615"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-4499",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T13:40:07.571499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T13:40:37.438Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WR710N",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "V1-151022"
}
]
},
{
"product": "Archer C5",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "V2_160221_US"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-676",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T17:03:51.519Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/572615"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The strcmp function in TP-Link routers, Archer C5 and WR710N-V1, used for checking credentials in httpd, is susceptible to a side-channel attack.",
"x_generator": {
"engine": "VINCE 2.0.5",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2022-4499"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2022-4499",
"datePublished": "2023-01-11T18:48:41.778Z",
"dateReserved": "2022-12-14T18:09:49.250Z",
"dateUpdated": "2025-11-04T19:14:15.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}