all InfoSec news
VU#572615: Vulnerabilities in TP-Link routers, WR710N-V1-151022 and Archer C5 V2
CERT Recently Published Vulnerability Notes kb.cert.org
Overview
TP-Link router WR710N-V1-151022 running firmware published 2015-10-22 and Archer-C5-V2-160201 running firmware published 2016-02-01 are susceptible to two vulnerabilities:
- A buffer overflow during HTTP Basic Authentication allowing a remote attacker to corrupt memory allocated on a heap causing denial of service or arbitrary code execution;
- A side-channel attack via a strcmp() function in the HTTP daemon allowing deterministic guessing of each byte of a username and password input during authentication.
Description
TP-Link device WR710N-V1-151022 is a 150Mbps Wireless N Mini …
attack authentication basic buffer buffer overflow channel code code execution corrupt daemon denial of service firmware function http input link memory overflow password router routers service side-channel side-channel attack tp-link username vulnerabilities