VAR-202112-0695
Vulnerability from variot - Updated: 2024-02-14 23:05An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet. TP-Link AX10v1 for, HTTP There is a vulnerability related to request smuggling.Service operation interruption (DoS) It may be in a state. TP-Link AX10 is a router from China's Tp-link company.
There is an input validation error vulnerability in TP-Link AX10 v1, which is caused by the product not effectively processing special HTTP messages. An attacker can use this vulnerability to cause the target to deny service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0695",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "archer ax10 v1",
"scope": "lt",
"trust": 1.0,
"vendor": "tp link",
"version": "211117"
},
{
"model": "archer ax10 v1",
"scope": "eq",
"trust": 0.8,
"vendor": "tp link",
"version": "archer ax10 v1 firmware 211117"
},
{
"model": "archer ax10 v1",
"scope": "eq",
"trust": 0.8,
"vendor": "tp link",
"version": null
},
{
"model": "ax10 \u003cv1 211117",
"scope": null,
"trust": 0.6,
"vendor": "tp link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-99761"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016287"
},
{
"db": "NVD",
"id": "CVE-2021-41450"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tp-link:archer_ax10_v1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "211117",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tp-link:archer_ax10_v1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-41450"
}
]
},
"cve": "CVE-2021-41450",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-41450",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-99761",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-41450",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-41450",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-99761",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-684",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-41450",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-99761"
},
{
"db": "VULMON",
"id": "CVE-2021-41450"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016287"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-684"
},
{
"db": "NVD",
"id": "CVE-2021-41450"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet. TP-Link AX10v1 for, HTTP There is a vulnerability related to request smuggling.Service operation interruption (DoS) It may be in a state. TP-Link AX10 is a router from China\u0027s Tp-link company. \n\r\n\r\nThere is an input validation error vulnerability in TP-Link AX10 v1, which is caused by the product not effectively processing special HTTP messages. An attacker can use this vulnerability to cause the target to deny service",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-41450"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016287"
},
{
"db": "CNVD",
"id": "CNVD-2021-99761"
},
{
"db": "VULMON",
"id": "CVE-2021-41450"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-41450",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016287",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-99761",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-684",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-41450",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-99761"
},
{
"db": "VULMON",
"id": "CVE-2021-41450"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016287"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-684"
},
{
"db": "NVD",
"id": "CVE-2021-41450"
}
]
},
"id": "VAR-202112-0695",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-99761"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-99761"
}
]
},
"last_update_date": "2024-02-14T23:05:13.446000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page TP-LINK\u00a0Technologies",
"trust": 0.8,
"url": "https://www.tp-link.com/"
},
{
"title": "Patch for TP-Link AX10 input validation error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/304681"
},
{
"title": "Tp-link TP-Link AX10 Remediation measures for environmental problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=174213"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/efchatz/easy-exploits "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-99761"
},
{
"db": "VULMON",
"id": "CVE-2021-41450"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016287"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-684"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-444",
"trust": 1.0
},
{
"problemtype": "HTTP Request Smuggling (CWE-444) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016287"
},
{
"db": "NVD",
"id": "CVE-2021-41450"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41450"
},
{
"trust": 1.7,
"url": "https://www.tp-link.com/us/support/download/archer-ax10/v1/#firmware"
},
{
"trust": 1.7,
"url": "http://ax10v1.com"
},
{
"trust": 1.7,
"url": "http://tp-link.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/444.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/efchatz/easy-exploits"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-99761"
},
{
"db": "VULMON",
"id": "CVE-2021-41450"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016287"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-684"
},
{
"db": "NVD",
"id": "CVE-2021-41450"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-99761"
},
{
"db": "VULMON",
"id": "CVE-2021-41450"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016287"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-684"
},
{
"db": "NVD",
"id": "CVE-2021-41450"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-99761"
},
{
"date": "2021-12-08T00:00:00",
"db": "VULMON",
"id": "CVE-2021-41450"
},
{
"date": "2022-12-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016287"
},
{
"date": "2021-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-684"
},
{
"date": "2021-12-08T16:15:07.097000",
"db": "NVD",
"id": "CVE-2021-41450"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-99761"
},
{
"date": "2021-12-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-41450"
},
{
"date": "2022-12-09T06:01:00",
"db": "JVNDB",
"id": "JVNDB-2021-016287"
},
{
"date": "2021-12-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-684"
},
{
"date": "2024-02-14T01:17:43.863000",
"db": "NVD",
"id": "CVE-2021-41450"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-684"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TP-Link\u00a0AX10v1\u00a0 In \u00a0HTTP\u00a0 Request Smuggling Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016287"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "environmental issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-684"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…