A couple of vulnerabilities were discovered on a couple of TP-Link products. The vulnerabilities identified as CVE-2022-4498 and CVE-2022-4499 are rated Critical & High and assigned CVSS scores of 9.8 & 7.5 on the scale. It is worth knowing about the vulnerabilities as these flaws allow threat actors to perform arbitrary code execution, Denial of Services, device crash, and username and password guess on the vulnerable devices. We created this post to create awareness about these unpatched vulnerabilities in TP-Link Routers. Let’s get started.
A 150Mbps Wireless N mini pocket router, WR710N-V1-151022, and a dual-band gigabit wireless router, Archer-C5-V2-160201, with their latest firmware available as of January 11, 2023, are prone to two unpatched vulnerabilities. Let’s see one after another in the below sections.
The flaw is due to improper handling of user input during HTTP Basic Authentication mode. A specially crafted HTTP request can cause a heap overflow in the httpd daemon. This would lead to the crash of httpd daemon would further stage to denial of service or remote code execution.
In other words, we could say that this vulnerability could let remote attackers execute arbitrary code without authentication in the affected TP-Link routers.
Associated CVE ID | CVE-2022-4498 |
Description | A critical buffer overflow vulnerability |
Associated ZDI ID | |
CVSS Score | 9.8 Critical |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Impact Score | 5.9 |
Exploitability Score | 3.9 |
Attack Vector (AV) | Network |
Attack Complexity (AC) | Low |
Privilege Required (PR) | None |
User Interaction (UI) | None |
Scope | Unchanged |
Confidentiality (C) | High |
Integrity (I) | High |
availability (a) | High |
The flaw lice in the strcmp() function in httpd. This vulnerability allows a threat actor to guess each byte of a username and password input during authentication by measuring the response time of the vulnerable process.
Associated CVE ID | CVE-2022-4499 |
Description | A side-channel vulnerability allows to guess the credentials |
Associated ZDI ID | |
CVSS Score | 7.5 High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Impact Score | 3.6 |
Exploitability Score | 3.9 |
Attack Vector (AV) | Network |
Attack Complexity (AC) | Low |
Privilege Required (PR) | None |
User Interaction (UI) | None |
Scope | Unchanged |
Confidentiality (C) | High |
Integrity (I) | None |
availability (a) | None |
At the time of publishing this post, there are no official fixes or workaround released either by the Vendor or any third-party security firms. Please reach out to TP-Link or keep checking the CERT/CC advisory for any updates.
We hope this post would help you know about the two unpatched vulnerabilities in TP-Link Routers. Please share this post if you find this interested. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram, and subscribe to receive updates like this.
You may also like these articles:
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”
"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.
BurpGPT is a cutting-edge Burp Suite extension that harnesses the power of OpenAI's language models to revolutionize web application security testing. With customizable prompts and advanced AI capabilities, BurpGPT enables security professionals to uncover bespoke vulnerabilities, streamline assessments, and stay ahead of evolving threats.
PentestGPT, developed by Gelei Deng and team, revolutionizes penetration testing by harnessing AI power. Leveraging OpenAI's GPT-4, it automates and streamlines the process, making it efficient and accessible. With advanced features and interactive guidance, PentestGPT empowers testers to identify vulnerabilities effectively, representing a significant leap in cybersecurity.
Tenable BurpGPT is a powerful Burp Suite extension that leverages OpenAI's advanced language models to analyze HTTP traffic and identify potential security risks. By automating vulnerability detection and providing AI-generated insights, BurpGPT dramatically reduces manual testing efforts for security researchers, developers, and pentesters.
Microsoft Security Copilot is a revolutionary AI-powered security solution that empowers cybersecurity professionals to identify and address potential breaches effectively. By harnessing advanced technologies like OpenAI's GPT-4 and Microsoft's extensive threat intelligence, Security Copilot streamlines threat detection and response, enabling defenders to operate at machine speed and scale.