TP-Link Archer C5 and WR710N-V1 Routers: HTTP Basic Authentication Heap Overflow Vulnerability
CVE-2022-4498 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.
Learn more about our Web Application Penetration Testing UK.