CVE-2026-30817

| EUVD-2026-20548 MEDIUM
2026-04-08 TPLink GHSA-wmw7-jpm9-rmff
6.8
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

4
EUVD ID Assigned
Apr 08, 2026 - 19:31 euvd
EUVD-2026-20548
Analysis Generated
Apr 08, 2026 - 19:31 vuln.today
Patch Released
Apr 08, 2026 - 19:31 nvd
Patch available
CVE Published
Apr 08, 2026 - 17:53 nvd
MEDIUM 6.8

Tags

TP-Link Authentication Bypass

Description

An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device, potentially exposing sensitive information.This issue affects AX53 v1.0: before 1.7.1 Build 20260213.

Analysis

External configuration control in TP-Link AX53 v1.0 OpenVPN module allows authenticated adjacent attackers to read arbitrary files by processing malicious configuration files, exposing sensitive device information. The vulnerability affects AX53 v1.0 prior to firmware build 1.7.1 Build 20260213 and requires high-level authentication and network adjacency to exploit. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

34
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +34
POC: 0

Share

CVE-2026-30817 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy