Replay Attack Vulnerability in TP-Link AX10 Router
CVE-2022-41541

8.1HIGH

Key Information:

Vendor: Tp-link
Status: Ax10 Firmware
Vendor: CVE Published:; 18 October 2022

Summary

The TP-Link AX10 router is susceptible to a replay attack, where attackers can exploit a previously transmitted encrypted authentication message along with a valid authentication token. This vulnerability enables unauthorized access, allowing attackers to log in to the web application as an admin user. Consequently, it poses significant risks to the device’s security. Users are encouraged to update their firmware and adopt stronger authentication measures to mitigate potential threats.

References

https://www.tp-link.com/us/support/download/archer-ax10/v...

https://github.com/efchatz/easy-exploits/tree/main/Web/TP...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 18, 2022
Vulnerability Reserved
Sep 26, 2022