CVE-2022-41540

Published: Oct 18, 2022

Modified: May 15, 2025

PUBLISHED

Description

The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attack, and access sensitive information.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.tp-link.com/us/support/download/archer-ax10/v1/#Firmware

https://github.com/efchatz/easy-exploits/tree/main/Web/TP-Link/Offline-decryption

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-41540

Description

Affected Products

References