CVE-2021-41451

HIGH

Tp-link Archer Ax10 Firmware < v1_211117 - HTTP Request Smuggling

Title source: rule

Description

A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a misconfigured HTTP/0.9 response, potentially leading into a cache poisoning attack.

References (3)

[Product] http://tp-link.com

[Not Applicable, URL Repurposed] http://ax10v1.com

[Product] https://www.tp-link.com/us/support/download/archer-ax10/v1/#Firmware

Scores

CVSS v3 7.5

EPSS 0.0683

EPSS Percentile 91.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-444

Status published

Products (1)

tp-link/archer_ax10_firmware < v1_211117

Published Dec 17, 2021

Tracked Since Feb 18, 2026