VDB

CVE-2022-4499

CVE-2022-4499 PUBLISHED CVSS 7.5 HIGH

TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password.

EPSS 0.12% · 30.5th percentile

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.12%
30.5th percentile

Affected Products

VendorProductVersions
TP-LinkArcher C5V2_160221_US
tp-linktl-wr710n_firmware1_151022_us
TP-LinkWR710NV1-151022
tp-linkarcher_c5_firmware2_160201_us

Timeline

  • Jan 11, 2023 CVE Published
  • Jan 12, 2023 EPSS Score
  • Feb 22, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 4, 2023 EPSS Score
  • May 14, 2023 EPSS Score
  • Jun 24, 2023 EPSS Score
  • Aug 4, 2023 EPSS Score
  • Sep 14, 2023 EPSS Score
  • Dec 5, 2023 EPSS Score
  • Jan 14, 2024 EPSS Score
  • Feb 24, 2024 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›