AX10v1
by TP-Link
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-41540 | 0.00 | — | 0.01 | Oct 18, 2022 | The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via… | |||
| CVE-2022-41541 | 0.00 | — | 0.01 | Oct 18, 2022 | TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to the web application as an admin user. | |||
| CVE-2021-41450 | 0.00 | — | 0.02 | Dec 8, 2021 | An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet. |
- CVE-2022-41540Oct 18, 2022risk 0.00cvss —epss 0.01
The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via…
- CVE-2022-41541Oct 18, 2022risk 0.00cvss —epss 0.01
TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to the web application as an admin user.
- CVE-2021-41450Dec 8, 2021risk 0.00cvss —epss 0.02
An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet.