TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password.
References
Link | Resource |
---|---|
https://kb.cert.org/vuls/id/572615 | Third Party Advisory VDB Entry |
Configurations
History
19 Jan 2023, 16:08
Type | Values Removed | Values Added |
---|---|---|
First Time |
Tp-link tl-wr710n Firmware
Tp-link Tp-link archer C5 Tp-link tl-wr710n Tp-link archer C5 Firmware |
|
CWE | CWE-203 | |
References | (MISC) https://kb.cert.org/vuls/id/572615 - Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:h:tp-link:tl-wr710n:1.0:*:*:*:*:*:*:* cpe:2.3:o:tp-link:tl-wr710n_firmware:1_151022_us:*:*:*:*:*:*:* cpe:2.3:h:tp-link:archer_c5:2.0:*:*:*:*:*:*:* cpe:2.3:o:tp-link:archer_c5_firmware:2_160201_us:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
11 Jan 2023, 20:09
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-11 19:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-4499
Mitre link : CVE-2022-4499
CVE.ORG link : CVE-2022-4499
JSON object : View
Products Affected
tp-link
- tl-wr710n_firmware
- tl-wr710n
- archer_c5_firmware
- archer_c5
CWE
CWE-203
Observable Discrepancy