HIGH🇬🇧 English

CVE-2022-4499

CVSS 7.5v3.1pub. 2023-01-11upd. 2025-11-04

TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Tp Link Archer C5

    HW
    Tp-Link
    2.0
  • Tp Link Archer C5 Firmware

    OS
    Tp-Link
    2_160201_us
  • Tp Link Tl Wr710n

    HW
    Tp-Link
    1.0
  • Tp Link Tl Wr710n Firmware

    OS
    Tp-Link
    1_151022_us
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-4498CRITICAL9.8ten sam produkt

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Auth...

CVE-2020-35575CRITICAL9.8ten sam produkt

A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get fu...

CVE-2015-3035HIGH7.5⚠ KEVten sam produkt

Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmwa...

CVE-2020-9375HIGH7.5ten sam produkt

TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of serv...

CVE-2018-19537HIGH7.2ten sam produkt

TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the ...