In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.
References
Link | Resource |
---|---|
https://kb.cert.org/vuls/id/572615 | Third Party Advisory US Government Resource VDB Entry |
Configurations
History
06 Jul 2023, 14:46
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 | |
References | (MISC) https://kb.cert.org/vuls/id/572615 - Third Party Advisory, US Government Resource, VDB Entry |
19 Jan 2023, 19:10
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-120 | |
References | (MISC) https://kb.cert.org/vuls/id/572615 - Third Party Advisory, VDB Entry | |
First Time |
Tp-link tl-wr710n Firmware
Tp-link Tp-link archer C5 Tp-link tl-wr710n Tp-link archer C5 Firmware |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:h:tp-link:tl-wr710n:1.0:*:*:*:*:*:*:* cpe:2.3:o:tp-link:tl-wr710n_firmware:1_151022_us:*:*:*:*:*:*:* cpe:2.3:h:tp-link:archer_c5:2.0:*:*:*:*:*:*:* cpe:2.3:o:tp-link:archer_c5_firmware:2_160201_us:*:*:*:*:*:*:* |
11 Jan 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-11 21:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-4498
Mitre link : CVE-2022-4498
CVE.ORG link : CVE-2022-4498
JSON object : View
Products Affected
tp-link
- tl-wr710n_firmware
- tl-wr710n
- archer_c5_firmware
- archer_c5
CWE
CWE-787
Out-of-bounds Write