PT-2022-6284 · Tp Link · Tp-Link Wr710N+1
Jonathan Bar · Published 2022-12-14 · Updated 2025-04-09 · CVE-2022-4499
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
TP-Link Archer C5 version 2
TP-Link WR710N version 1
Description
The issue is related to the strcmp function used for checking credentials in the httpd process of TP-Link routers. This function is susceptible to a side-channel attack, where an attacker could measure the response time of the httpd process to guess each byte of the username and password. This could allow a remote attacker to gain unauthorized access to protected information.
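The following is an added example, not code from the advisory or from TP-Link firmware. It contrasts an early-exit comparison in the style of strcmp with a constant-time credential check, using a count of examined bytes as a deterministic stand-in for response time. The names `CRED_MAX`, `leaky_equal` and `ct_equal`, the 32-byte buffer size and the sample strings are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CRED_MAX 32 /* assumed fixed credential buffer size (hypothetical) */

/* Early-exit comparison in the style of strcmp(): it stops at the first
 * differing byte, so the work done grows with the length of the matching
 * prefix. *steps receives the number of byte positions examined. */
static int leaky_equal(const char *a, const char *b, size_t *steps)
{
    size_t i;
    for (i = 0; ; i++) {
        *steps = i + 1;
        if (a[i] != b[i]) return 0;
        if (a[i] == '\0') return 1;
    }
}

/* Constant-time comparison: both inputs are copied into zero-padded
 * fixed-size buffers and every byte is XORed and accumulated, so the loop
 * runs CRED_MAX times wherever the first mismatch is. Assumes the stored
 * value is shorter than CRED_MAX; over-long supplied input is rejected. */
static int ct_equal(const char *supplied, const char *stored, size_t *steps)
{
    unsigned char x[CRED_MAX] = {0}, y[CRED_MAX] = {0};
    volatile unsigned char diff = 0; /* volatile: discourage short-circuiting */
    size_t i;

    /* strlen() here depends only on the caller-supplied length. */
    diff |= (unsigned char)(strlen(supplied) >= CRED_MAX);
    strncpy((char *)x, supplied, CRED_MAX - 1);
    strncpy((char *)y, stored, CRED_MAX - 1);
    for (i = 0; i < CRED_MAX; i++)
        diff |= (unsigned char)(x[i] ^ y[i]);
    *steps = i;
    return diff == 0;
}

int main(void)
{
    size_t n1, n2; /* constructed sample inputs below */
    leaky_equal("xdmin", "admin", &n1);
    leaky_equal("admix", "admin", &n2);
    printf("early-exit:    %zu vs %zu bytes examined\n", n1, n2);
    ct_equal("xdmin", "admin", &n1);
    ct_equal("admix", "admin", &n2);
    printf("constant-time: %zu vs %zu bytes examined\n", n1, n2);
    return 0;
}
```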
Recommendations
For TP-Link Archer C5 version 2, consider disabling the httpd process until a patch is available.
For TP-Link WR710N version 1, restrict access to the httpd process to minimize the risk of exploitation.
As a temporary workaround, consider implementing additional authentication measures to reduce the risk of unauthorized access.
Fix
Side Channel Attack
Related Identifiers
Affected Products
Tp-Link Archer C5
Tp-Link Wr710N