CVE-2022-41540

Name of the Vulnerable Software and Affected Versions TP-Link AX10v1 version V1 211117

Description The web app client of TP-Link AX10v1 uses hard-coded cryptographic keys when communicating with the router. This allows attackers to obtain the sequence key via a brute-force attack if they can intercept the communications between the web client and router through a man-in-the-middle attack, resulting in unauthorized access to sensitive information.

Recommendations For TP-Link AX10v1 version V1 211117, consider disabling the web app client until a patch is available to prevent exploitation. Restrict access to the router to minimize the risk of a man-in-the-middle attack. Avoid using the hard-coded cryptographic keys in the web app client to prevent brute-force attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.