What is CVE-2022-4499?

CVE-2022-4499 is a vulnerability in Tp-link Archer C5, classified under CWE-676. Published 2023-01-11.

Is CVE-2022-4499 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Tp-link Archer C5

CVE-2022-4499

TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker coul…

EPSS: 0.001 (30.5th percentile) — read the EPSS interpretation.

Affected products

Tp-link Archer C5 — versions V2_160221_US
Tp-link Wr710n — versions V1-151022

Weakness classification (CWE)

CWE-676

Public proof-of-concept exploits

ARPSyndicate/cvemon
yo-yo-yo-jbo/yo-yo-yo-jbo.github.io

References

kb.cert.org/vuls/id/572615

Frequently asked questions

What is CVE-2022-4499?: CVE-2022-4499 is a vulnerability in Tp-link Archer C5, classified under CWE-676. Published 2023-01-11.
Is CVE-2022-4499 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.