PT-2022-6285 · Tp Link · Tp-Link Wr710N+1

Jonathan Bar · Published 2022-12-14 · Updated 2024-12-20 · CVE-2022-4498

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TP-Link Archer C5 version 2
TP-Link WR710N version 1

Description

A heap-based buffer overflow in packet handling can be exploited by a remote attacker to execute arbitrary code or cause a denial of service. The httpd service is vulnerable when receiving HTTP Basic Authentication: a crafted packet can cause a heap overflow, which either crashes the httpd process (denial of service) or results in arbitrary code execution.

Recommendations

For TP-Link Archer C5 version 2, consider disabling the httpd service until a patch is available, to prevent exploitation.
For TP-Link WR710N version 1, restrict access to the httpd service to minimize the risk of exploitation.

Fix

Memory Corruption

Buffer Overflow

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2023-00742
CVE-2022-4498

Affected Products

Tp-Link Archer C5
Tp-Link Wr710N