Details of VAR-202301-0769

ID

VAR-202301-0769

CVE

CVE-2022-4499

TITLE

Vulnerabilities in TP-Link routers, WR710N-V1-151022 and Archer C5 V2

Trust: 0.8

sources: CERT/CC: VU#572615

DESCRIPTION

TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password. TP-Link router WR710N-V1-151022 running firmware published 2015-10-22 and Archer-C5-V2-160201 running firmware published 2016-02-01 are susceptible to two vulnerabilities:CVE-2022-4498 Unknown CVE-2022-4499 UnknownCVE-2022-4498 Unknown CVE-2022-4499 Unknown. TP-Link router Archer C5 and WR710N-V1 Exists in observable mismatch vulnerabilities.Information may be obtained

Trust: 2.43

sources: NVD: CVE-2022-4499 // CERT/CC: VU#572615 // JVNDB: JVNDB-2023-001965 // VULMON: CVE-2022-4499

AFFECTED PRODUCTS

vendor:	tp link	model:	tl-wr710n	scope:	eq	version:	1_151022_us	Trust: 1.0
vendor:	tp link	model:	archer c5	scope:	eq	version:	2_160201_us	Trust: 1.0
vendor:	tp link	model:	tl-wr710n	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	archer c5	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-001965 // NVD: CVE-2022-4499

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-4499
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-4499
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202301-886
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-4499
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-4499
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-001965 // CNNVD: CNNVD-202301-886 // NVD: CVE-2022-4499

PROBLEMTYPE DATA

problemtype:	CWE-203	Trust: 1.0
problemtype:	Observable discrepancy (CWE-203) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-001965 // NVD: CVE-2022-4499

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-886

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202301-886

PATCH

title:

top page

url:

https://www.tp-link.com/jp/

Trust: 0.8

sources: JVNDB: JVNDB-2023-001965

EXTERNAL IDS

db:	NVD	id:	CVE-2022-4499	Trust: 4.1
db:	CERT/CC	id:	VU#572615	Trust: 3.3
db:	JVN	id:	JVNVU97719125	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-001965	Trust: 0.8
db:	CNNVD	id:	CNNVD-202301-886	Trust: 0.6
db:	VULMON	id:	CVE-2022-4499	Trust: 0.1

sources: CERT/CC: VU#572615 // VULMON: CVE-2022-4499 // JVNDB: JVNDB-2023-001965 // CNNVD: CNNVD-202301-886 // NVD: CVE-2022-4499

REFERENCES

url:	https://kb.cert.org/vuls/id/572615	Trust: 2.5
url:	https://jvn.jp/vu/jvnvu97719125/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-4499	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-4499/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2022-4499 // JVNDB: JVNDB-2023-001965 // CNNVD: CNNVD-202301-886 // NVD: CVE-2022-4499

CREDITS

This document was written by Timur Snoke.We have not received a statement from the vendor.

Trust: 0.8

sources: CERT/CC: VU#572615

SOURCES

db:	CERT/CC	id:	VU#572615
db:	VULMON	id:	CVE-2022-4499
db:	JVNDB	id:	JVNDB-2023-001965
db:	CNNVD	id:	CNNVD-202301-886
db:	NVD	id:	CVE-2022-4499

LAST UPDATE DATE

2024-08-14T15:16:18.130000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#572615	date:	2023-01-23T00:00:00
db:	VULMON	id:	CVE-2022-4499	date:	2023-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2023-001965	date:	2023-05-29T09:13:00
db:	CNNVD	id:	CNNVD-202301-886	date:	2023-01-20T00:00:00
db:	NVD	id:	CVE-2022-4499	date:	2023-11-07T03:58:00.407

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#572615	date:	2023-01-17T00:00:00
db:	VULMON	id:	CVE-2022-4499	date:	2023-01-11T00:00:00
db:	JVNDB	id:	JVNDB-2023-001965	date:	2023-05-29T00:00:00
db:	CNNVD	id:	CNNVD-202301-886	date:	2023-01-11T00:00:00
db:	NVD	id:	CVE-2022-4499	date:	2023-01-11T19:15:10.170