What is CVE-2022-4498?

CVE-2022-4498 is a vulnerability in Tp-link Archer C5, classified under CWE-120 BUFFER COPY WITHOUT CHECKING SIZE OF INPUT ('CLASSIC BUFFER OVERFLOW'). Published 2023-01-11.

Is CVE-2022-4498 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Tp-link Archer C5

CVE-2022-4498

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashi…

EPSS: 0.012 (78.9th percentile) — read the EPSS interpretation.

Affected products

Tp-link Archer C5 — versions V2_160221_US
Tp-link Wr710n — versions V1-151022

Public proof-of-concept exploits

ARPSyndicate/cvemon
yo-yo-yo-jbo/yo-yo-yo-jbo.github.io

References

kb.cert.org/vuls/id/572615

Frequently asked questions

What is CVE-2022-4498?: CVE-2022-4498 is a vulnerability in Tp-link Archer C5, classified under CWE-120 BUFFER COPY WITHOUT CHECKING SIZE OF INPUT ('CLASSIC BUFFER OVERFLOW'). Published 2023-01-11.
Is CVE-2022-4498 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.