Vulnerability type

Replay attack (CVE-2022-41541)

Vendor

TP-Link

Product

AX10v1 V1_211117

Affected component

The web app's authentication method accepts a replayed HTTP packet containing a login message that the app has previously accepted.

Attack vector

A man-in-the-middle attacker who captures the traffic between the web app and the victim can mount a replay attack with a previously transmitted encrypted authentication message and gain a valid authentication token. This allows the attacker to log in to the application as an admin user.
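
One way a server can refuse a replayed login message, shown beside a handler with the behaviour described above. This is an added illustration, not TP-Link's firmware code or its patch; the HMAC-based message format, the class names, `PASSWORD` and `NONCE_TTL` are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample credential; stands in for the secret the login message proves.
PASSWORD = b"constructed-admin-password"
NONCE_TTL = 30  # seconds a challenge stays valid (assumed value)


def login_message(password: bytes, nonce: bytes = b"") -> bytes:
    """Client side: proof of the password, optionally bound to a server nonce."""
    return hmac.new(password, b"login" + nonce, hashlib.sha256).digest()


class ReplayableLogin:
    """Behaviour described in the advisory: the same message is accepted every time."""
    def authenticate(self, message: bytes):
        if hmac.compare_digest(message, login_message(PASSWORD)):
            return secrets.token_hex(16)  # fresh session token for any valid message
        return None


class NonceBoundLogin:
    """Hardened form: each login message must answer a fresh, single-use challenge."""
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # nonce -> expiry time

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[nonce] = self._clock() + NONCE_TTL
        return nonce

    def authenticate(self, nonce: bytes, message: bytes):
        expiry = self._pending.pop(nonce, None)  # pop: a nonce is consumed on first use
        if expiry is None or self._clock() > expiry:
            return None  # unknown, already used, or expired challenge
        if hmac.compare_digest(message, login_message(PASSWORD, nonce)):
            return secrets.token_hex(16)
        return None

if __name__ == "__main__":
    captured = login_message(PASSWORD)  # the message as it appeared on the wire
    print("replayable:", [bool(ReplayableLogin().authenticate(captured)) for _ in range(2)])
    server = NonceBoundLogin()
    nonce = server.challenge()
    message = login_message(PASSWORD, nonce)
    print("nonce-bound:", [bool(server.authenticate(nonce, message)) for _ in range(2)])
```

Challenges that are issued but never answered stay in `_pending`; a production version would also purge expired entries.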

Patch

V1_220401

PoC

replay-active-tp-link_Ktu2kFUg.mp4