TP-Link Archer C5 and WR710N-V1 Routers: HTTP Basic Authentication Heap Overflow Vulnerability

TP-Link Archer C5 and WR710N-V1 Routers: HTTP Basic Authentication Heap Overflow Vulnerability

CVE-2022-4498 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.

Learn more about our Web Application Penetration Testing UK.