In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.
References
Link | Resource |
---|---|
https://kb.cert.org/vuls/id/572615 | Third Party Advisory US Government Resource VDB Entry |
Configurations
History
06 Jul 2023, 14:46
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-11 21:15
Updated : 2024-02-04 23:14
NVD link : CVE-2022-4498
Mitre link : CVE-2022-4498
CVE.ORG link : CVE-2022-4498
JSON object : View
Products Affected
tp-link
- tl-wr710n
- tl-wr710n_firmware
- archer_c5
- archer_c5_firmware
CWE
CWE-787
Out-of-bounds Write