Vulnerability Description
A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a misconfigured HTTP/0.9 response, potentially leading into a cache poisoning attack.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Archer Ax10 Firmware | < v1_211117 |
| Tp-Link | Archer Ax10 | v1 |
Related Weaknesses (CWE)
References
- http://ax10v1.comNot ApplicableURL Repurposed
- http://tp-link.comProduct
- https://www.tp-link.com/us/support/download/archer-ax10/v1/#FirmwareProduct
- http://ax10v1.comNot ApplicableURL Repurposed
- http://tp-link.comProduct
- https://www.tp-link.com/us/support/download/archer-ax10/v1/#FirmwareProduct
FAQ
What is CVE-2021-41451?
CVE-2021-41451 is a vulnerability with a CVSS score of 7.5 (HIGH). A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a misc...
How severe is CVE-2021-41451?
CVE-2021-41451 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-41451?
Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Archer Ax10 Firmware, Tp-Link Archer Ax10.