Vulnerability Details CVE-2022-4498
In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.5%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2022-4498
-
cpe:2.3:h:tp-link:archer_c5:2.0
-
cpe:2.3:h:tp-link:tl-wr710n:1.0
-
cpe:2.3:o:tp-link:archer_c5_firmware:2_160201_us
-
cpe:2.3:o:tp-link:tl-wr710n_firmware:1_151022_us