Severity by source
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attacker needs local, high-privilege access to obtain the hash (AV:L/PR:H), offline cracking adds effort (AC:H), and impact is confidentiality-only per the description (C:H, I:N, A:N).
Primary rating from Vendor (TPLink).
CVSS VectorVendor: TPLink
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
TP-Link Deco M5 v1 uses a weak password hashing mechanism to store user credentials. An attacker who obtains the password hash through system compromise or privileged access could perform brute-force or dictionary attacks.
Successful exploitation may result in disclosure of authentication credentials, enabling unauthorized access to device management functions, depending on the privileges associated with the recovered password. The primary security impact is loss of confidentiality.
AnalysisAI
Credential disclosure in TP-Link Deco M5 v1 mesh routers stems from a weak (computationally cheap) password-hashing scheme used to store local user credentials, letting an attacker who has already obtained the stored hash recover the plaintext password via offline brute-force or dictionary attacks. Affected devices are the Deco M5 v1 hardware revision, and successful cracking yields access to device management functions scoped to the recovered account's privileges. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to already possess the stored password hash, which per the description is only obtainable 'through system compromise or privileged access' to the Deco M5 v1 - consistent with the CVSS AV:L and PR:H metrics. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | This is a meaningful but conditional weakness, not a top-tier emergency. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has already gained privileged or local access to a Deco M5 v1 unit - for example via a separate firmware flaw, a stolen configuration backup, or physical/administrative access - extracts the stored credential hash from the device. Because the hash uses a weak, fast algorithm, the attacker cracks it offline with a wordlist or GPU brute-force and recovers the plaintext admin password, then reuses it to log into the device management interface and any accounts that share the password. … |
| Remediation | Patch available per vendor advisory: apply the latest Deco M5 v1 firmware from TP-Link's download portal (https://www.tp-link.com/us/support/download/deco-m5/v1/#Firmware or the EN mirror), noting that the provided data does not confirm an exact first-fixed firmware version - verify the fixed build directly with TP-Link before relying on it. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, inventory all Deco M5 v1 devices and restrict both local and remote access to affected units through physical security and firewall rules. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44362
GHSA-6vqq-hcvj-cx94