cve/2022/CVE-2022-41540.md

### [CVE-2022-41540](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41540)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attack, and access sensitive information.

### POC

#### Reference
- https://github.com/efchatz/easy-exploits/tree/main/Web/TP-Link/Offline-decryption

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/efchatz/easy-exploits
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/manas3c/CVE-POC
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/whoforget/CVE-POC
- https://github.com/youwizard/CVE-POC