CVE-2022-41540: The TP-Link AX10v1 V1_211117 web app client uses hard-coded cryptographic keys to communicate with the router.
The hard-coded encryption keys of the AX10v1 V1_211117 can be found in the source code on GitHub. It is recommended to upgrade the firmware immediately. TP-Link has released software update V1_211117 for the AX10v1 V1 router, which addresses the hard-coded encryption keys issue. It is also possible to update the firmware by following the instructions provided in this advisory. A hard-coded encryption key issue was also found in the web client of the AX100v1 V1 router, and a similar vulnerability affecting the web interface of the AX100v1 V1 router has been addressed. The source code for the web client of the AX100v1 V1 router has been published on GitHub.
References
https://www.tp-link.com/en/support/article/?id=209
https://github.com/tplink/wapiti
Vulnerability Details
The hard-coded encryption keys of the AX10v1 V1_211117 can be found in the source code on GitHub. It is recommended to upgrade the firmware immediately.
Vulnerability Characteristics
The hard-coded encryption keys issue can be exploited to decrypt the encrypted traffic on the AX10v1 V1_211117.
Hard-coded encryption keys in TP-Link AX10v1 V1 firmware
The hard-coded encryption keys of the TP-Link AX10v1 V1 router can be found in the source code on GitHub. TP-Link has released software update V1_211117 for the AX10v1 V1 router, which addresses this issue, and it is recommended to upgrade the firmware immediately. It is also possible to update the firmware by following the instructions provided in this advisory.
Check your firmware version
Factory default password for the AX10v1 V1_211117: tplink
The factory default password for the AX100v1 V1 router is tplink.
Timeline
Published on: 10/18/2022 15:15:00 UTC
Last modified on: 10/20/2022 15:48:00 UTC