CVE-2022-4499

TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password.
References
Link Resource
https://kb.cert.org/vuls/id/572615 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tp-link:archer_c5_firmware:2_160201_us:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_c5:2.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:tp-link:tl-wr710n_firmware:1_151022_us:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wr710n:1.0:*:*:*:*:*:*:*

History

19 Jan 2023, 16:08

Type Values Removed Values Added
First Time Tp-link tl-wr710n Firmware
Tp-link
Tp-link archer C5
Tp-link tl-wr710n
Tp-link archer C5 Firmware
CWE CWE-203
References (MISC) https://kb.cert.org/vuls/id/572615 - (MISC) https://kb.cert.org/vuls/id/572615 - Third Party Advisory, VDB Entry
CPE cpe:2.3:h:tp-link:tl-wr710n:1.0:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:tl-wr710n_firmware:1_151022_us:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_c5:2.0:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:archer_c5_firmware:2_160201_us:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5

11 Jan 2023, 20:09

Type Values Removed Values Added
New CVE

Information

Published : 2023-01-11 19:15

Updated : 2023-12-10 14:48


NVD link : CVE-2022-4499

Mitre link : CVE-2022-4499

CVE.ORG link : CVE-2022-4499


JSON object : View

Products Affected

tp-link

  • tl-wr710n_firmware
  • tl-wr710n
  • archer_c5_firmware
  • archer_c5
CWE
CWE-203

Observable Discrepancy