A vulnerable HTTP Basic Authentication process in TP-Link routers, Archer C5 and WR710N-V1, is susceptible to either a DoS or an arbitrary code execution via any interface.
CVE-2022-4498

9.8CRITICAL

Key Information:

Vendor: Tp-link
Status: Wr710n; Archer C5
Vendor: CVE Published:; 11 January 2023

Summary

The vulnerability in TP-Link routers, specifically the Archer C5 and WR710N-V1 models, allows for a heap overflow through crafted packets sent during HTTP Basic Authentication. This flaw can lead to a denial of service by crashing the httpd service or facilitate arbitrary code execution, jeopardizing the security and functionality of the affected devices. It is crucial for users to apply mitigations and updates to safeguard against potential exploitation.

Affected Version(s)

Archer C5 V2_160221_US

WR710N V1-151022

References

https://kb.cert.org/vuls/id/572615

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 11, 2023
Vulnerability Reserved
Dec 14, 2022