Vulnerabilites related to tp-link - tl-wr710n_firmware
Vulnerability from fkie_nvd
Published
2023-01-11 19:15
Modified
2025-04-09 14:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | https://kb.cert.org/vuls/id/572615 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cert.org/vuls/id/572615 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | archer_c5_firmware | 2_160201_us | |
| tp-link | archer_c5 | 2.0 | |
| tp-link | tl-wr710n_firmware | 1_151022_us | |
| tp-link | tl-wr710n | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:archer_c5_firmware:2_160201_us:*:*:*:*:*:*:*",
"matchCriteriaId": "B7CD0ED5-31F0-47CD-AC06-FA1909722F91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:archer_c5:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE42DA9-9225-4D3F-920E-DD826369FB49",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wr710n_firmware:1_151022_us:*:*:*:*:*:*:*",
"matchCriteriaId": "343FFD09-AE5D-48F3-A6A9-F28A66D3D49D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wr710n:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E936B0D-9F70-4F35-A135-6255FA6405DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password."
},
{
"lang": "es",
"value": "Los routers TP-Link, Archer C5 y WR710N-V1, que utilizan el software m\u00e1s reciente, la funci\u00f3n strcmp utilizada para verificar las credenciales en httpd, son susceptibles a un ataque de canal lateral. Al medir el tiempo de respuesta del proceso httpd, un atacante podr\u00eda adivinar cada byte del nombre de usuario y la contrase\u00f1a."
}
],
"id": "CVE-2022-4499",
"lastModified": "2025-04-09T14:15:26.527",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-01-11T19:15:10.170",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://kb.cert.org/vuls/id/572615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://kb.cert.org/vuls/id/572615"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-11 21:15
Modified
2025-04-09 15:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | https://kb.cert.org/vuls/id/572615 | Third Party Advisory, US Government Resource, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cert.org/vuls/id/572615 | Third Party Advisory, US Government Resource, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | archer_c5_firmware | 2_160201_us | |
| tp-link | archer_c5 | 2.0 | |
| tp-link | tl-wr710n_firmware | 1_151022_us | |
| tp-link | tl-wr710n | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:archer_c5_firmware:2_160201_us:*:*:*:*:*:*:*",
"matchCriteriaId": "B7CD0ED5-31F0-47CD-AC06-FA1909722F91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:archer_c5:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE42DA9-9225-4D3F-920E-DD826369FB49",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wr710n_firmware:1_151022_us:*:*:*:*:*:*:*",
"matchCriteriaId": "343FFD09-AE5D-48F3-A6A9-F28A66D3D49D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wr710n:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E936B0D-9F70-4F35-A135-6255FA6405DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution."
},
{
"lang": "es",
"value": "En los routers TP-Link, Archer C5 y WR710N-V1, que ejecutan el \u00faltimo c\u00f3digo disponible, al recibir autenticaci\u00f3n b\u00e1sica HTTP, se puede enviar al servicio httpd un paquete manipulado que provoca un desbordamiento del almacenamiento din\u00e1mico. Esto puede resultar en un DoS (al bloquear el proceso httpd) o en la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2022-4498",
"lastModified": "2025-04-09T15:15:55.230",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-01-11T21:15:10.213",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource",
"VDB Entry"
],
"url": "https://kb.cert.org/vuls/id/572615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource",
"VDB Entry"
],
"url": "https://kb.cert.org/vuls/id/572615"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-4499 (GCVE-0-2022-4499)
Vulnerability from cvelistv5
Published
2023-01-11 18:48
Modified
2025-04-09 13:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:41:45.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/572615"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-4499",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T13:40:07.571499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T13:40:37.438Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WR710N",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "V1-151022"
}
]
},
{
"product": "Archer C5",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "V2_160221_US"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-676",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T17:03:51.519Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/572615"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The strcmp function in TP-Link routers, Archer C5 and WR710N-V1, used for checking credentials in httpd, is susceptible to a side-channel attack.",
"x_generator": {
"engine": "VINCE 2.0.5",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2022-4499"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2022-4499",
"datePublished": "2023-01-11T18:48:41.778Z",
"dateReserved": "2022-12-14T18:09:49.250Z",
"dateUpdated": "2025-04-09T13:40:37.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4498 (GCVE-0-2022-4498)
Vulnerability from cvelistv5
Published
2023-01-11 20:38
Modified
2025-04-09 14:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:41:44.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/572615"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-4498",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T14:14:59.035196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T14:15:15.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WR710N",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "V1-151022"
}
]
},
{
"product": "Archer C5",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "V2_160221_US"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T20:38:37.312Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/572615"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A vulnerable HTTP Basic Authentication process in TP-Link routers, Archer C5 and WR710N-V1, is susceptible to either a DoS or an arbitrary code execution via any interface.",
"x_generator": {
"engine": "VINCE 2.0.5",
"env": "prod",
"origin": "https://cveawg.mitre.org/api//cve/CVE-2022-4498"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2022-4498",
"datePublished": "2023-01-11T20:38:37.312Z",
"dateReserved": "2022-12-14T17:59:41.586Z",
"dateUpdated": "2025-04-09T14:15:15.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}