CVE-2022-41541

TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to the web application as an admin user.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tp-link:ax10_firmware:v1_211117:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:ax10:1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:23

Type Values Removed Values Added
References () https://github.com/efchatz/easy-exploits/tree/main/Web/TP-Link/Replay - Exploit, Third Party Advisory () https://github.com/efchatz/easy-exploits/tree/main/Web/TP-Link/Replay - Exploit, Third Party Advisory
References () https://www.tp-link.com/us/support/download/archer-ax10/v1/#Firmware - Product, Vendor Advisory () https://www.tp-link.com/us/support/download/archer-ax10/v1/#Firmware - Product, Vendor Advisory

Information

Published : 2022-10-18 15:15

Updated : 2024-11-21 07:23


NVD link : CVE-2022-41541

Mitre link : CVE-2022-41541

CVE.ORG link : CVE-2022-41541


JSON object : View

Products Affected

tp-link

  • ax10_firmware
  • ax10
CWE
CWE-294

Authentication Bypass by Capture-replay