CVE-2022-4499 Information

Description

TP-Link routers Archer C5 and WR710N-V1 using the latest software the strcmp function used for checking credentials in httpd is susceptible to a side-channel attack. By measuring the response time of the httpd process an attacker could guess each byte of the username and password.

Reference

https://kb.cert.org/vuls/id/572615