The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attack, and access sensitive information.
References
Link | Resource |
---|---|
https://github.com/efchatz/easy-exploits/tree/main/Web/TP-Link/Offline-decryption | Exploit Third Party Advisory |
https://www.tp-link.com/us/support/download/archer-ax10/v1/#Firmware | Product Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-18T00:00:00
Updated: 2022-10-18T00:00:00
Reserved: 2022-09-26T00:00:00
Link: CVE-2022-41540
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-10-18T15:15:10.197
Modified: 2022-10-20T15:48:29.243
Link: CVE-2022-41540
JSON object: View
Redhat Information
No data.
CWE