// For flags

CVE-2022-41541

 

Severity Score

8.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to the web application as an admin user.

TP-Link AX10v1 versión V1_211117, permite a atacantes ejecutar un ataque de repetición al usar un mensaje de autenticación encriptado previamente transmitido y un token de autenticación válido. Los atacantes son capaces de iniciar sesión en la aplicación web como un usuario administrador

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
Poc
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2022-09-26 CVE Reserved
  • 2022-10-18 CVE Published
  • 2025-05-15 CVE Updated
  • 2025-05-15 First Exploit
  • 2025-07-13 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-294: Authentication Bypass by Capture-replay
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Tp-link
Search vendor "Tp-link"
 Ax10 Firmware
Search vendor "Tp-link" for product "Ax10 Firmware"
 v1_211117
Search vendor "Tp-link" for product "Ax10 Firmware" and version "v1_211117"
-
Affected
in Tp-link
Search vendor "Tp-link"
 Ax10
Search vendor "Tp-link" for product "Ax10"
 1.0
Search vendor "Tp-link" for product "Ax10" and version "1.0"
-
Safe