CVE-2022-41541

Name of the Vulnerable Software and Affected Versions TP-Link AX10v1 version V1 211117

Description The issue allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token, enabling them to login to the web application as an admin user. This can be exploited by capturing and reusing valid authentication parameters, potentially leading to unauthorized access to protected information. It may also allow for a "man-in-the-middle" type attack.

Recommendations For TP-Link AX10v1 version V1 211117, as a temporary workaround, consider disabling the web application's authentication mechanism until a patch is available. Restrict access to the web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.