Table of Contents
January 24, 2023
|3m
Two Zero-Day Unpatched Vulnerabilities in TP-Link Routers
A couple of vulnerabilities were discovered on a couple of TP-Link products. The vulnerabilities identified as CVE-2022-4498 and CVE-2022-4499 are rated Critical & High and assigned CVSS scores of 9.8 & 7.5 on the scale. It is worth knowing about the vulnerabilities as these flaws allow threat actors to perform arbitrary code execution, Denial of Services, device crash, and username and password guess on the vulnerable devices. We created this post to create awareness about these unpatched vulnerabilities in TP-Link Routers. Let’s get started.
Summary of The Two Unpatched Vulnerabilities in TP-Link Routers
A 150Mbps Wireless N mini pocket router, WR710N-V1-151022, and a dual-band gigabit wireless router, Archer-C5-V2-160201, with their latest firmware available as of January 11, 2023, are prone to two unpatched vulnerabilities. Let’s see one after another in the below sections.
Summary of CVE-2022-4498
The flaw is due to improper handling of user input during HTTP Basic Authentication mode. A specially crafted HTTP request can cause a heap overflow in the httpd daemon. This would lead to the crash of httpd daemon would further stage to denial of service or remote code execution.
In other words, we could say that this vulnerability could let remote attackers execute arbitrary code without authentication in the affected TP-Link routers.
| Associated CVE ID | CVE-2022-4498 |
| Description | A critical buffer overflow vulnerability |
| Associated ZDI ID | |
| CVSS Score | 9.8 Critical |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Impact Score | 5.9 |
| Exploitability Score | 3.9 |
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privilege Required (PR) | None |
| User Interaction (UI) | None |
| Scope | Unchanged |
| Confidentiality (C) | High |
| Integrity (I) | High |
| availability (a) | High |
Summary of CVE-2022-4499
The flaw lice in the strcmp() function in httpd. This vulnerability allows a threat actor to guess each byte of a username and password input during authentication by measuring the response time of the vulnerable process.
| Associated CVE ID | CVE-2022-4499 |
| Description | A side-channel vulnerability allows to guess the credentials |
| Associated ZDI ID | |
| CVSS Score | 7.5 High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Impact Score | 3.6 |
| Exploitability Score | 3.9 |
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privilege Required (PR) | None |
| User Interaction (UI) | None |
| Scope | Unchanged |
| Confidentiality (C) | High |
| Integrity (I) | None |
| availability (a) | None |
Fix or Workaround
At the time of publishing this post, there are no official fixes or workaround released either by the Vendor or any third-party security firms. Please reach out to TP-Link or keep checking the CERT/CC advisory for any updates.
We hope this post would help you know about the two unpatched vulnerabilities in TP-Link Routers. Please share this post if you find this interested. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram, and subscribe to receive updates like this.
You may also like these articles:
Arun KL
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
- November 12, 2024
Learn Something New with Free Email subscription
Learn Something New with Free Email subscription
Subscribe
Subscribe
Subscribe
Subscribe
- November 12, 2024
