CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2022-4498

CVSS 9.8v3.1pub. 2023-01-11upd. 2025-11-04

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tp Link Archer C5

    HW
    Tp-Link
    2.0
  • Tp Link Archer C5 Firmware

    OS
    Tp-Link
    2_160201_us
  • Tp Link Tl Wr710n

    HW
    Tp-Link
    1.0
  • Tp Link Tl Wr710n Firmware

    OS
    Tp-Link
    1_151022_us
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2020-35575CRITICAL9.8ten sam produkt

A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get fu...

CVE-2015-3035HIGH7.5⚠ KEVten sam produkt

Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmwa...

CVE-2022-4499HIGH7.5ten sam produkt

TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking cre...

CVE-2020-9375HIGH7.5ten sam produkt

TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of serv...

CVE-2018-19537HIGH7.2ten sam produkt

TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the ...

CVE-2022-4498 β€” Tp-Link β€” Archer C5 β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl