CVE-2022-41540

The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attack, and access sensitive information.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tp-link:ax10_firmware:v1_211117:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:ax10:1.0:*:*:*:*:*:*:*

Information

Published : 2022-10-18 08:15

Updated : 2022-10-20 08:48


NVD link : CVE-2022-41540

Mitre link : CVE-2022-41540


JSON object : View

CWE
CWE-798

Use of Hard-coded Credentials

Advertisement

dedicated server usa

Products Affected

tp-link

  • ax10_firmware
  • ax10