VDB

CVE-2022-4498

CVE-2022-4498 PUBLISHED CVSS 9.800000190734863 CRITICAL

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.

EPSS 1.15% · 78.9th percentile

Risk Scores

CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
1.15%
78.9th percentile

Affected Products

VendorProductVersions
tp-linkarcher_c5_firmware*
tp-linktl-wr710n_firmware*
TP-LinkWR710NV1-151022
TP-LinkArcher C5V2_160221_US

Timeline

  • Jan 11, 2023 CVE Published
  • Jan 12, 2023 EPSS Score
  • Jan 20, 2023 EPSS Score
  • Feb 22, 2023 EPSS Score
  • Apr 4, 2023 EPSS Score
  • May 14, 2023 EPSS Score
  • Jun 24, 2023 EPSS Score
  • Aug 4, 2023 EPSS Score
  • Sep 14, 2023 EPSS Score
  • Oct 25, 2023 EPSS Score
  • Jan 14, 2024 EPSS Score
  • Feb 24, 2024 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›