VDB
CVE-2022-4498
CVE-2022-4498
PUBLISHED
CVSS 9.800000190734863 CRITICAL
In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.
EPSS 1.15% · 78.9th percentile
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
1.15%
78.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| tp-link | archer_c5_firmware | * |
| tp-link | tl-wr710n_firmware | * |
| TP-Link | WR710N | V1-151022 |
| TP-Link | Archer C5 | V2_160221_US |
Timeline
- Jan 11, 2023 CVE Published
- Jan 12, 2023 EPSS Score
- Jan 20, 2023 EPSS Score
- Feb 22, 2023 EPSS Score
- Apr 4, 2023 EPSS Score
- May 14, 2023 EPSS Score
- Jun 24, 2023 EPSS Score
- Aug 4, 2023 EPSS Score
- Sep 14, 2023 EPSS Score
- Oct 25, 2023 EPSS Score
- Jan 14, 2024 EPSS Score
- Feb 24, 2024 EPSS Score