CVE-2021-41451

Опубликовано: 17 дек. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a misconfigured HTTP/0.9 response, potentially leading into a cache poisoning attack.

Ссылки

http://ax10v1.com
Not Applicable
URL Repurposed
http://tp-link.com
Product
https://www.tp-link.com/us/support/download/archer-ax10/v1/#Firmware
Product
http://ax10v1.com
Not Applicable
URL Repurposed
http://tp-link.com
Product
https://www.tp-link.com/us/support/download/archer-ax10/v1/#Firmware
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tp-link:archer_ax10_firmware:*:*:*:*:*:*:*:*

Версия до v1_211117 (исключая)

cpe:2.3:h:tp-link:archer_ax10:v1:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.06833

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-444

Связанные уязвимости

GHSA-x67c-x34f-8f4w

github

около 4 лет назад

An HTTP/1.1 misconfiguration in web interface of TP-Link AX10v1 before V1_211117 could allow an attacker to send a specially crafted HTTP/0.9 packet that could cause a cache poisoning attack.