VYPR

AX10v1

by TP-Link

CVEs (3)

  • CVE-2022-41540Oct 18, 2022
    risk 0.00cvss epss 0.01

    The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via…

  • CVE-2022-41541Oct 18, 2022
    risk 0.00cvss epss 0.01

    TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to the web application as an admin user.

  • CVE-2021-41450Dec 8, 2021
    risk 0.00cvss epss 0.02

    An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet.