VDB
CVE-2022-4499
CVE-2022-4499
PUBLISHED
CVSS 7.5 HIGH
TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password.
EPSS 0.12% · 30.5th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.12%
30.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| TP-Link | Archer C5 | V2_160221_US |
| tp-link | tl-wr710n_firmware | 1_151022_us |
| TP-Link | WR710N | V1-151022 |
| tp-link | archer_c5_firmware | 2_160201_us |
Timeline
- Jan 11, 2023 CVE Published
- Jan 12, 2023 EPSS Score
- Feb 22, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 4, 2023 EPSS Score
- May 14, 2023 EPSS Score
- Jun 24, 2023 EPSS Score
- Aug 4, 2023 EPSS Score
- Sep 14, 2023 EPSS Score
- Dec 5, 2023 EPSS Score
- Jan 14, 2024 EPSS Score
- Feb 24, 2024 EPSS Score