AX10 Busybox vulnerabilities?
Hey folks.
Scanning the AX10 internal IP reveals that the webserver used is the one from BusyBox, HTTP 1.19.4:
443/tcp open ssl/http syn-ack ttl 64 BusyBox http 1.19.4
If it's true, and it does indeed use BusyBox 1.19.4, that's REALLY OLD, like a 10-year-old version.
Which makes it vulnerable to the following exploits:
https://vulmon.com/vulnerabilitydetails?qid=CVE-2013-1813&scoretype=cvssv2
https://nvd.nist.gov/vuln/detail/CVE-2011-2716
And another thing:
The webserver allows SSL3 and TLSv1.0 connections with HTTPS enabled.
Those are also pretty old.
Even then, the ciphers used with TLS v1.1 and TLS v1.2 also include ones that have been deprecated for 6 years already (since February 2015).
| warnings:
| Broken cipher RC4 is deprecated by RFC 7465
| CBC-mode cipher in SSLv3 (CVE-2014-3566)
Perhaps it is time for a firmware update that updates BusyBox to a new version and disables SSL3 and TLS v1.0?
And maybe add TLS v1.3 support. The chipset supports OpenSSL 1.1.1g.
Security is important; it's 2021, after all. Even more so when the router is from 2020.
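
Added example, not part of the original post: a small Python check that reads nmap ssl-enum-ciphers output like the warnings quoted above and lists the legacy protocols and deprecated ciphers a firmware update would need to remove. The sample scan text is constructed for illustration (it is not the AX10's actual cipher list), and the names audit and LEGACY_PROTOCOLS are hypothetical.

```python
import re

# Constructed sample in nmap ssl-enum-ciphers layout; NOT the AX10's real cipher list.
SAMPLE = """\
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     warnings:
|       Broken cipher RC4 is deprecated by RFC 7465
|       CBC-mode cipher in SSLv3 (CVE-2014-3566)
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
"""

LEGACY_PROTOCOLS = {"SSLv3", "TLSv1.0"}  # the versions the post asks to disable
PROTO_RE = re.compile(r"^\|[ _]\s+((?:SSLv|TLSv)[\d.]+):\s*$")
CIPHER_RE = re.compile(r"^\|[ _]\s+((?:TLS|SSL)_[A-Z0-9_]+)\b")

def audit(scan_text):
    """Return (protocols offered, sorted list of findings) from scan output."""
    protocols, findings, current = [], set(), None
    for line in scan_text.splitlines():
        m = PROTO_RE.match(line)
        if m:  # a new protocol section starts here
            current = m.group(1)
            protocols.append(current)
            if current in LEGACY_PROTOCOLS:
                findings.add(f"{current}: legacy protocol enabled")
            continue
        m = CIPHER_RE.match(line)
        if m and current:  # a cipher suite listed under the current protocol
            cipher = m.group(1)
            if "_RC4_" in cipher:
                findings.add(f"{current}: RC4 cipher {cipher} (RFC 7465)")
            if current == "SSLv3" and "_CBC_" in cipher:
                findings.add(f"{current}: CBC cipher {cipher} (CVE-2014-3566)")
    if "TLSv1.3" not in protocols:
        findings.add("TLSv1.3: not offered")
    return protocols, sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)[1]))
```

Run it against a saved scan before and after a firmware update; an empty findings list means none of the issues named in the post remain in that scan.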