CVE-2025-29089
BaseFortify

Publication date: 2025-09-09

Last updated on: 2025-09-11

Assigner: MITRE

Description
An issue in TP-Link AX10 Ax1500 v.1.3.10 Build (20230130) allows a remote attacker to obtain sensitive information.
Meta Information
Published: 2025-09-09
Last Modified: 2025-09-11
Generated: 2026-05-07
AI Q&A: 2025-09-09
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: tp-link
Product: archer_ax10
Version / Range: 1.3.10
CWE
CWE-200: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability in TP-Link AX10 Ax1500 v.1.3.10 Build (20230130) involves insecure HTTP Basic Authentication where Base64-encoded credentials are transmitted over unencrypted HTTP. This allows a remote attacker to perform a Man-in-the-Middle (MITM) attack using ARP poisoning to intercept sensitive information by redirecting network traffic through their machine. The router communicates with external services without encryption, exposing credentials in cleartext. [1]


How can this vulnerability impact me?

This vulnerability can lead to unauthorized disclosure of sensitive information such as authentication credentials. An attacker exploiting this can intercept and capture login details, potentially gaining unauthorized access to the router or network, which could lead to further compromise of network security and privacy. [1]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability involves the cleartext transmission of sensitive information, which violates best practices for protecting personal and sensitive data. Such exposure can lead to non-compliance with standards and regulations like GDPR and HIPAA that require secure handling and transmission of sensitive information to protect user privacy and data security. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring network traffic for unencrypted HTTP Basic Authentication credentials being transmitted in Base64 encoding. One method is to perform ARP poisoning to intercept traffic between the router and other devices. Tools such as Bettercap can be used to perform ARP spoofing and enable IP forwarding on a Linux machine. Wireshark can then be used to capture and analyze packets for HTTP requests containing Base64-encoded credentials sent over unencrypted HTTP. For example, commands include enabling IP forwarding (e.g., 'echo 1 > /proc/sys/net/ipv4/ip_forward'), running Bettercap with ARP spoofing modules targeting the router IP, and capturing traffic with Wireshark to inspect HTTP headers for Basic Authentication. [1]
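
A passive check for the condition described above, as an added example (not code from BaseFortify, TP-Link or the referenced write-up): it takes cleartext HTTP requests that have already been captured, flags any Basic Authentication header, and reports the host and user name while discarding the password. The function names, sample requests, addresses and credentials are all constructed for illustration.

```python
import base64

def _req(path, host, auth=None):
    """Build a constructed cleartext HTTP request (sample data, not a real capture)."""
    lines = [b"GET " + path + b" HTTP/1.1", b"Host: " + host]
    if auth is not None:
        lines.append(auth)
    return b"\r\n".join(lines) + b"\r\n\r\n"

# Constructed samples: two valid Basic headers, one malformed, one Bearer, one without auth.
SAMPLE_REQUESTS = [
    _req(b"/status", b"192.0.2.1", b"Authorization: Basic " + base64.b64encode(b"admin:hunter2")),
    _req(b"/index.html", b"192.0.2.1"),
    _req(b"/api", b"svc.example.test", b"authorization:  basic " + base64.b64encode(b"operator:pass")),
    _req(b"/x", b"192.0.2.1", b"Authorization: Basic !!!notbase64"),
    _req(b"/y", b"192.0.2.1", b"Authorization: Bearer abc.def.ghi"),
]

def find_cleartext_basic_auth(request):
    """Return a finding dict if the request carries HTTP Basic credentials, else None."""
    head = request.split(b"\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    scheme, _, token = headers.get(b"authorization", b"").partition(b" ")
    if scheme.lower() != b"basic":                # header names and schemes are case-insensitive
        return None
    finding = {"host": headers.get(b"host", b"?").decode("latin-1"),
               "user": None, "password_present": False}
    try:
        decoded = base64.b64decode(token.strip(), validate=True)
    except ValueError:                            # binascii.Error is a ValueError subclass
        return finding                            # Basic header seen, payload not decodable
    user, sep, password = decoded.partition(b":")
    finding["user"] = user.decode("utf-8", "replace")
    finding["password_present"] = bool(sep and password)  # the password itself is never stored
    return finding

def scan(requests):
    """Run the check over many captured requests and keep only the findings."""
    return [f for f in map(find_cleartext_basic_auth, requests) if f]

if __name__ == "__main__":
    for f in scan(SAMPLE_REQUESTS):
        print(f)
```

Any finding means the credential was readable by anything on the network path, because Base64 is an encoding and provides no confidentiality.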


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include disabling HTTP Basic Authentication on the TP-Link AX10 router if possible, or ensuring that all management interfaces use HTTPS instead of HTTP to encrypt credentials in transit. Additionally, implementing network security measures such as enabling DHCP snooping, dynamic ARP inspection, and port security can help prevent ARP poisoning attacks. Using modern authentication methods and adopting Zero Trust security architectures are recommended to prevent exploitation of this vulnerability. [1]

