CVE-2022-4499 - Vulnerability Details - OpenCVE

TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Tp-link	Archer C5 Archer C5 Firmware Tl-wr710n Tl-wr710n Firmware

Configuration 1 [-]

AND

cpe:2.3:o:tp-link:archer_c5_firmware:2_160201_us:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_c5:2.0:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:tp-link:tl-wr710n_firmware:1_151022_us:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wr710n:1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://kb.cert.org/vuls/id/572615

History

Wed, 09 Apr 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2023-01-11T18:48:41.778Z

Updated: 2025-04-09T13:40:37.438Z

Reserved: 2022-12-14T18:09:49.250Z

Link: CVE-2022-4499

Vulnrichment

Updated: 2024-08-03T01:41:45.010Z

NVD

Status : Modified

Published: 2023-01-11T19:15:10.170

Modified: 2025-04-09T14:15:26.527

Link: CVE-2022-4499

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-4499", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2022-12-14T18:09:49.250Z", "datePublished": "2023-01-11T18:48:41.778Z", "dateUpdated": "2025-04-09T13:40:37.438Z"}, "containers": {"cna": {"title": "The strcmp function in TP-Link routers, Archer C5 and WR710N-V1, used for checking credentials in httpd, is susceptible to a side-channel attack.", "descriptions": [{"lang": "en", "value": "TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password."}], "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "TP-Link", "product": "WR710N", "versions": [{"status": "affected", "version": "V1-151022"}]}, {"vendor": "TP-Link", "product": "Archer C5", "versions": [{"status": "affected", "version": "V2_160221_US"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-676"}]}], "references": [{"url": "https://kb.cert.org/vuls/id/572615"}], "x_generator": {"engine": "VINCE 2.0.5", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2022-4499"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2023-01-12T17:03:51.519Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:41:45.010Z"}, "title": "CVE Program Container", "references": [{"url": "https://kb.cert.org/vuls/id/572615", "tags": ["x_transferred"]}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-09T13:40:07.571499Z", "id": "CVE-2022-4499", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-09T13:40:37.438Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://kb.cert.org/vuls/id/572615", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:41:45.010Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-4499", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-09T13:40:07.571499Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-09T13:40:31.731Z"}}], "cna": {"title": "The strcmp function in TP-Link routers, Archer C5 and WR710N-V1, used for checking credentials in httpd, is susceptible to a side-channel attack.", "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "TP-Link", "product": "WR710N", "versions": [{"status": "affected", "version": "V1-151022"}]}, {"vendor": "TP-Link", "product": "Archer C5", "versions": [{"status": "affected", "version": "V2_160221_US"}]}], "references": [{"url": "https://kb.cert.org/vuls/id/572615"}], "x_generator": {"env": "prod", "engine": "VINCE 2.0.5", "origin": "https://cveawg.mitre.org/api/cve/CVE-2022-4499"}, "descriptions": [{"lang": "en", "value": "TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-676"}]}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2023-01-12T17:03:51.519Z"}}}, "cveMetadata": {"cveId": "CVE-2022-4499", "state": "PUBLISHED", "dateUpdated": "2025-04-09T13:40:37.438Z", "dateReserved": "2022-12-14T18:09:49.250Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2023-01-11T18:48:41.778Z", "assignerShortName": "certcc"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:archer_c5_firmware:2_160201_us:*:*:*:*:*:*:*", "matchCriteriaId": "B7CD0ED5-31F0-47CD-AC06-FA1909722F91", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:archer_c5:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FE42DA9-9225-4D3F-920E-DD826369FB49", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:tl-wr710n_firmware:1_151022_us:*:*:*:*:*:*:*", "matchCriteriaId": "343FFD09-AE5D-48F3-A6A9-F28A66D3D49D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:tl-wr710n:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0E936B0D-9F70-4F35-A135-6255FA6405DF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password."}, {"lang": "es", "value": "Los routers TP-Link, Archer C5 y WR710N-V1, que utilizan el software m\u00e1s reciente, la funci\u00f3n strcmp utilizada para verificar las credenciales en httpd, son susceptibles a un ataque de canal lateral. Al medir el tiempo de respuesta del proceso httpd, un atacante podr\u00eda adivinar cada byte del nombre de usuario y la contrase\u00f1a."}], "id": "CVE-2022-4499", "lastModified": "2025-04-09T14:15:26.527", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-01-11T19:15:10.170", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://kb.cert.org/vuls/id/572615"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://kb.cert.org/vuls/id/572615"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}]}