CVE-2021-41450 - OpenCVE

An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tp-link	Archer Ax10 V1 Archer Ax10 V1 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:tp-link:archer_ax10_v1:-:*:*:*:*:*:*:*

cpe:2.3:o:tp-link:archer_ax10_v1_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://ax10v1.com
http://tp-link.com
https://www.tp-link.com/us/support/download/archer-ax10/v1/#Firmware

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-12-08T15:35:00

Updated: 2024-08-04T03:15:28.377Z

Reserved: 2021-09-20T00:00:00

Link: CVE-2021-41450

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-12-08T16:15:07.097

Modified: 2024-02-14T01:17:43.863

Link: CVE-2021-41450

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-12-08T15:35:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://tp-link.com"}, {"tags": ["x_refsource_MISC"], "url": "http://ax10v1.com"}, {"tags": ["x_refsource_MISC"], "url": "https://www.tp-link.com/us/support/download/archer-ax10/v1/#Firmware"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-41450", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://tp-link.com", "refsource": "MISC", "url": "http://tp-link.com"}, {"name": "http://ax10v1.com", "refsource": "MISC", "url": "http://ax10v1.com"}, {"name": "https://www.tp-link.com/us/support/download/archer-ax10/v1/#Firmware", "refsource": "MISC", "url": "https://www.tp-link.com/us/support/download/archer-ax10/v1/#Firmware"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:15:28.377Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://tp-link.com"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://ax10v1.com"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tp-link.com/us/support/download/archer-ax10/v1/#Firmware"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-41450", "datePublished": "2021-12-08T15:35:00", "dateReserved": "2021-09-20T00:00:00", "dateUpdated": "2024-08-04T03:15:28.377Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:archer_ax10_v1:-:*:*:*:*:*:*:*", "matchCriteriaId": "91E911FD-8026-4EC2-81D4-0C4A5F991B83", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:archer_ax10_v1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "73206236-2A34-49EF-91FF-57377B425731", "versionEndExcluding": "211117", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet."}, {"lang": "es", "value": "Un ataque de contrabando de peticiones HTTP en TP-Link AX10v1 versiones anteriores a v1_211117, permite a un atacante remoto no autenticado hacer DoS a la aplicaci\u00f3n web por medio del env\u00edo de un paquete HTTP espec\u00edfico"}], "id": "CVE-2021-41450", "lastModified": "2024-02-14T01:17:43.863", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-08T16:15:07.097", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link", "URL Repurposed"], "url": "http://ax10v1.com"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://tp-link.com"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.tp-link.com/us/support/download/archer-ax10/v1/#Firmware"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "nvd@nist.gov", "type": "Primary"}]}