Table of Contents
  • Home
  • /
  • Blog
  • /
  • Two Zero-Day Unpatched Vulnerabilities in TP-Link Routers
January 24, 2023
|
3m

Two Zero-Day Unpatched Vulnerabilities in TP-Link Routers


Two Zero Day Unpatched Vulnerabilities In Tp Link Routers

A couple of vulnerabilities were discovered on a couple of TP-Link products. The vulnerabilities identified as CVE-2022-4498 and CVE-2022-4499 are rated Critical & High and assigned CVSS scores of 9.8 & 7.5 on the scale. It is worth knowing about the vulnerabilities as these flaws allow threat actors to perform arbitrary code execution, Denial of Services, device crash, and username and password guess on the vulnerable devices. We created this post to create awareness about these unpatched vulnerabilities in TP-Link Routers. Let’s get started.

Summary of The Two Unpatched Vulnerabilities in TP-Link Routers

A 150Mbps Wireless N mini pocket router, WR710N-V1-151022, and a dual-band gigabit wireless router, Archer-C5-V2-160201, with their latest firmware available as of January 11, 2023, are prone to two unpatched vulnerabilities. Let’s see one after another in the below sections.

Summary of CVE-2022-4498

The flaw is due to improper handling of user input during HTTP Basic Authentication mode. A specially crafted HTTP request can cause a heap overflow in the httpd daemon. This would lead to the crash of httpd daemon would further stage to denial of service or remote code execution.

In other words, we could say that this vulnerability could let remote attackers execute arbitrary code without authentication in the affected TP-Link routers.

Associated CVE IDCVE-2022-4498
DescriptionA critical buffer overflow vulnerability
Associated ZDI ID
CVSS Score9.8 Critical
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score5.9
Exploitability Score3.9
Attack Vector (AV)Network
Attack Complexity (AC)Low
Privilege Required (PR)None
User Interaction (UI)None
ScopeUnchanged
Confidentiality (C)High
Integrity (I)High
availability (a)High

Summary of CVE-2022-4499

The flaw lice in the strcmp() function in httpd. This vulnerability allows a threat actor to guess each byte of a username and password input during authentication by measuring the response time of the vulnerable process.

Associated CVE IDCVE-2022-4499
DescriptionA side-channel vulnerability allows to guess the credentials
Associated ZDI ID
CVSS Score7.5 High
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Impact Score3.6
Exploitability Score3.9
Attack Vector (AV)Network
Attack Complexity (AC)Low
Privilege Required (PR)None
User Interaction (UI)None
ScopeUnchanged
Confidentiality (C)High
Integrity (I)None
availability (a)None

Fix or Workaround

At the time of publishing this post, there are no official fixes or workaround released either by the Vendor or any third-party security firms. Please reach out to TP-Link or keep checking the CERT/CC advisory for any updates. 

We hope this post would help you know about the two unpatched vulnerabilities in TP-Link Routers. Please share this post if you find this interested. Visit our social media page on FacebookLinkedInTwitterTelegramTumblrMedium & Instagram, and subscribe to receive updates like this.

You may also like these articles:

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Vulnerabilities

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.

Tools

Featured

View All

Learn Something New with Free Email subscription

Subscribe

Subscribe