Vulnerabilites related to tp-link - tl-wr710n
cve-2022-4498
Vulnerability from cvelistv5
Published
2023-01-11 20:38
Modified
2024-08-03 01:41
Severity ?
EPSS score ?
Summary
In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.cert.org/vuls/id/572615 |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:41:44.949Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://kb.cert.org/vuls/id/572615", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "WR710N", vendor: "TP-Link", versions: [ { status: "affected", version: "V1-151022", }, ], }, { product: "Archer C5", vendor: "TP-Link", versions: [ { status: "affected", version: "V2_160221_US", }, ], }, ], descriptions: [ { lang: "en", value: "In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-11T20:38:37.312Z", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { url: "https://kb.cert.org/vuls/id/572615", }, ], source: { discovery: "UNKNOWN", }, title: "A vulnerable HTTP Basic Authentication process in TP-Link routers, Archer C5 and WR710N-V1, is susceptible to either a DoS or an arbitrary code execution via any interface.", x_generator: { engine: "VINCE 2.0.5", env: "prod", origin: "https://cveawg.mitre.org/api//cve/CVE-2022-4498", }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2022-4498", datePublished: "2023-01-11T20:38:37.312Z", dateReserved: "2022-12-14T17:59:41.586Z", dateUpdated: "2024-08-03T01:41:44.949Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4499
Vulnerability from cvelistv5
Published
2023-01-11 18:48
Modified
2024-08-03 01:41
Severity ?
EPSS score ?
Summary
TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.cert.org/vuls/id/572615 |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:41:45.010Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://kb.cert.org/vuls/id/572615", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "WR710N", vendor: "TP-Link", versions: [ { status: "affected", version: "V1-151022", }, ], }, { product: "Archer C5", vendor: "TP-Link", versions: [ { status: "affected", version: "V2_160221_US", }, ], }, ], descriptions: [ { lang: "en", value: "TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password.", }, ], problemTypes: [ { descriptions: [ { description: "CWE-676", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-12T17:03:51.519Z", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { url: "https://kb.cert.org/vuls/id/572615", }, ], source: { discovery: "UNKNOWN", }, title: "The strcmp function in TP-Link routers, Archer C5 and WR710N-V1, used for checking credentials in httpd, is susceptible to a side-channel attack.", x_generator: { engine: "VINCE 2.0.5", env: "prod", origin: "https://cveawg.mitre.org/api/cve/CVE-2022-4499", }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2022-4499", datePublished: "2023-01-11T18:48:41.778Z", dateReserved: "2022-12-14T18:09:49.250Z", dateUpdated: "2024-08-03T01:41:45.010Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2023-01-11 19:15
Modified
2024-11-21 07:35
Severity ?
Summary
TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | https://kb.cert.org/vuls/id/572615 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cert.org/vuls/id/572615 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | archer_c5_firmware | 2_160201_us | |
| tp-link | archer_c5 | 2.0 | |
| tp-link | tl-wr710n_firmware | 1_151022_us | |
| tp-link | tl-wr710n | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:archer_c5_firmware:2_160201_us:*:*:*:*:*:*:*", matchCriteriaId: "B7CD0ED5-31F0-47CD-AC06-FA1909722F91", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:archer_c5:2.0:*:*:*:*:*:*:*", matchCriteriaId: "1FE42DA9-9225-4D3F-920E-DD826369FB49", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:tl-wr710n_firmware:1_151022_us:*:*:*:*:*:*:*", matchCriteriaId: "343FFD09-AE5D-48F3-A6A9-F28A66D3D49D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:tl-wr710n:1.0:*:*:*:*:*:*:*", matchCriteriaId: "0E936B0D-9F70-4F35-A135-6255FA6405DF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password.", }, { lang: "es", value: "Los routers TP-Link, Archer C5 y WR710N-V1, que utilizan el software más reciente, la función strcmp utilizada para verificar las credenciales en httpd, son susceptibles a un ataque de canal lateral. Al medir el tiempo de respuesta del proceso httpd, un atacante podría adivinar cada byte del nombre de usuario y la contraseña.", }, ], id: "CVE-2022-4499", lastModified: "2024-11-21T07:35:23.177", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-11T19:15:10.170", references: [ { source: "cret@cert.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://kb.cert.org/vuls/id/572615", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://kb.cert.org/vuls/id/572615", }, ], sourceIdentifier: "cret@cert.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-11 21:15
Modified
2024-11-21 07:35
Severity ?
Summary
In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | https://kb.cert.org/vuls/id/572615 | Third Party Advisory, US Government Resource, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cert.org/vuls/id/572615 | Third Party Advisory, US Government Resource, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | archer_c5_firmware | 2_160201_us | |
| tp-link | archer_c5 | 2.0 | |
| tp-link | tl-wr710n_firmware | 1_151022_us | |
| tp-link | tl-wr710n | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:archer_c5_firmware:2_160201_us:*:*:*:*:*:*:*", matchCriteriaId: "B7CD0ED5-31F0-47CD-AC06-FA1909722F91", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:archer_c5:2.0:*:*:*:*:*:*:*", matchCriteriaId: "1FE42DA9-9225-4D3F-920E-DD826369FB49", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:tp-link:tl-wr710n_firmware:1_151022_us:*:*:*:*:*:*:*", matchCriteriaId: "343FFD09-AE5D-48F3-A6A9-F28A66D3D49D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:tp-link:tl-wr710n:1.0:*:*:*:*:*:*:*", matchCriteriaId: "0E936B0D-9F70-4F35-A135-6255FA6405DF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.", }, { lang: "es", value: "En los routers TP-Link, Archer C5 y WR710N-V1, que ejecutan el último código disponible, al recibir autenticación básica HTTP, se puede enviar al servicio httpd un paquete manipulado que provoca un desbordamiento del almacenamiento dinámico. Esto puede resultar en un DoS (al bloquear el proceso httpd) o en la ejecución de código arbitrario.", }, ], id: "CVE-2022-4498", lastModified: "2024-11-21T07:35:23.057", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-11T21:15:10.213", references: [ { source: "cret@cert.org", tags: [ "Third Party Advisory", "US Government Resource", "VDB Entry", ], url: "https://kb.cert.org/vuls/id/572615", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", "VDB Entry", ], url: "https://kb.cert.org/vuls/id/572615", }, ], sourceIdentifier: "cret@cert.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }