First published: Wed Jan 11 2023(Updated: )
In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
Tp-link Archer C5 Firmware | =2_160201_us | |
TP-Link Archer C5 | =2.0 | |
Tp-link Tl-wr710n Firmware | =1_151022_us | |
Tp-link Tl-wr710n | =1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2022-4498.
The TP-Link routers Archer C5 and WR710N-V1 are affected.
The severity rating of CVE-2022-4498 is critical with a severity value of 9.8.
Exploiting this vulnerability can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.
No specific fix information is provided in the vulnerability description, but it is recommended to check for firmware updates from TP-Link.