CVE-2022-41540

MEDIUM Year: 2022
CVSS v3 Score
5.9
Medium
Weakness Type
CWE-798
View all →

Vulnerability Description

The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attack, and access sensitive information.

Related Vulnerabilities

CVE-2015-7276

MEDIUM
CVSS:5.9(Medium)

Technicolor C2000T and C2100T uses hard-coded cryptographic keys.

CWE-7982015

CVE-2018-12240

MEDIUM
CVSS:5.9(Medium)

The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihoo...

CWE-7982018

CVE-2018-16546

MEDIUM
CVSS:5.9(Medium)

Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging kn...

CWE-7982018

CVE-2018-9073

MEDIUM
CVSS:5.9(Medium)

Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised t...

CWE-7982018

CVE-2018-9195

MEDIUM
CVSS:5.9(Medium)

Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services...

CWE-7982018

CVE-2019-13399

MEDIUM
CVSS:5.9(Medium)

Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation.

CWE-7982019