CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

NVD•added 2022/10/18 3:15 p.m.•8 views

CVE-2022-41540

The web app client of TP-Link AX10v1 V1211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attac...

5.9CVSS0.05495EPSS

Exploits1References2

OSV•added 2022/10/18 3:15 p.m.•2 views

CVE-2022-41541

TP-Link AX10v1 V1211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to the web application as an admin user...

8.1CVSS5.9AI score0.00877EPSS

Exploits1References2

Prion•added 2022/10/18 3:15 p.m.•12 views

Authentication flaw

5.1CVSS8.2AI score0.00877EPSS

Exploits1References2Affected Software1

CVE•added 2022/10/18 12:0 a.m.•55 views

CVE-2022-41541

TP-Link AX10v1 (firmware V1_211117) is vulnerable to a replay attack where an attacker reuses a previously encrypted authentication message and valid token, enabling login to the web admin interface. The available sources confirm the authentication flaw and admin access possibility; no explicit e...

8.1CVSS8.2AI score0.00877EPSS

Exploits1References2Affected Software1

CVE•added 2022/10/18 12:0 a.m.•58 views

CVE-2022-41540

CVE-2022-41540 affects the TP-Link AX10v1 web app client for V1_211117, where the client uses hard-coded cryptographic keys when talking to the router. This enables a man-in-the-middle attacker to brute-force the sequence key and potentially access sensitive information. Public details indicate a...

5.9CVSS5.6AI score0.05495EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2022/10/18 12:0 a.m.•1 views

PT-2022-6113 · Tp Link · Tp-Link Ax10V1

Name of the Vulnerable Software and Affected Versions: TP-Link AX10v1 version V1 211117 Description: The issue allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token, enabling them to login to the web applicati...

8.1CVSS8.2AI score0.00877EPSS

Exploits1References6

CNVD•added 2021/12/21 12:0 a.m.•18 views

TP-Link AX10 Configuration Error Vulnerability

TP-Link AX10 is a router from China P&L Tp-link. A misconfiguration vulnerability exists in the TP-Link AX10v1 that stems from an HTTP/1.1 misconfiguration in the web interface of the TP-Link AX10v1 that could allow an attacker to send specially crafted HTTP/0.9 packets, which could lead to a cac...

7.5CVSS7.5AI score0.06833EPSS

Exploits0References1

CVE•added 2021/12/17 2:32 p.m.•60 views

CVE-2021-41451

CVE-2021-41451 affects the TP-Link AX10v1 router web interface. The root cause is a misconfiguration in handling HTTP/1.0 and HTTP/1.1, enabling a remote unauthenticated attacker to send a crafted HTTP request and receive a misconfigured HTTP/0.9 response, potentially leading to cache poisoning. ...

7.5CVSS7.5AI score0.06833EPSS

Exploits0References3Affected Software1

Cvelist•added 2021/12/08 3:35 p.m.•12 views

CVE-2021-41450

An HTTP request smuggling attack in TP-Link AX10v1 before v1211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet...

7.8AI score0.05961EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by