Tp-Link Archer C5 vulnerabilities
3 known vulnerabilities affecting tp-link/archer_c5.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2
Vulnerabilities
Page 1 of 1
CVE-2022-4498P3CRITICALCVSS 9.8vV2_160221_US2023-01-11
CVE-2022-4498 [CRITICAL] CWE-787 CVE-2022-4498: In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP
In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.
nvd
CVE-2023-39224P3HIGHCVSS 8.0vfirmware all versions2023-09-06
CVE-2023-39224 [HIGH] CWE-78 CVE-2023-39224: Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' a
Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided.
nvd
CVE-2022-4499P3HIGHCVSS 7.5vV2_160221_US2023-01-11
CVE-2022-4499 [HIGH] CWE-203 CVE-2022-4499: TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for ch
TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password.
nvd