Skip to main content

TP-Link CVE-2026-5363

| EUVDEUVD-2026-23137 MEDIUM
Inadequate Encryption Strength (CWE-326)
2026-04-16 f23511db-6c3e-4e32-a477-6aa17d310630
5.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
Apr 16, 2026 - 00:32 vuln.today
EUVD ID Assigned
Apr 16, 2026 - 00:22 euvd
EUVD-2026-23137
Analysis Generated
Apr 16, 2026 - 00:22 vuln.today
CVE Published
Apr 16, 2026 - 00:16 nvd
MEDIUM 5.4

DescriptionCVE.org

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to intercept network traffic could potentially perform a brute-force or factorization attack against the 1024-bit RSA key to recover the plaintext administrator password, leading to unauthorized access and compromise of the device configuration.  This issue affects Archer C7: through Build 20220715.

AnalysisAI

TP-Link Archer C7 v5 and v5.8 routers use weak RSA-1024 encryption for admin password transmission during web login, allowing adjacent attackers with network traffic interception capability to perform cryptanalytic attacks (brute-force or key factorization) to recover plaintext credentials and gain unauthorized administrative access. EPSS score of P (Probable) and active POC availability indicate realistic exploitation risk in local network environments; however, exploitation requires both network adjacency and successful cryptanalysis of a 1024-bit RSA key, limiting attack scope to motivated adversaries on shared networks (e.g., compromised WiFi).

Technical ContextAI

The vulnerability resides in TP-Link's uhttpd web server modules used by the Archer C7 router firmware. The root cause is CWE-326 (Inadequate Encryption Strength): the router implements client-side RSA-1024 encryption for the admin password before transmission to the device, rather than leveraging server-side HTTPS encryption with stronger keys or modern ciphers. RSA-1024 (1024-bit modulus) was deprecated for cryptographic purposes around 2010-2015 and is cryptanalytically weak; modern attacks via lattice reduction (Coppersmith method) or distributed factorization can recover the private key within hours to days on commodity hardware. The affected CPE is likely cpe:2.3:h:tp_link:archer_c7:*:* with firmware versions through Build 20220715. An attacker passively observing the encrypted password in transit can repeatedly attempt decryption or forward the ciphertext to an offline factorization service.

RemediationAI

TP-Link released a firmware patch addressing RSA key strength (exact patched build number not provided in available advisories; consult TP-Link support page 3562 for the latest firmware binary). Users should immediately upgrade to the latest firmware build via the router's web admin panel (Administration → System Tools → Firmware Upgrade) or via TP-Link's download center. Verify the new build number is newer than 20220715. As a compensating control for users unable to patch immediately, disable remote web access to the router admin interface by logging in and disabling 'Remote Management' under Administration → Remote Management, reducing attack surface to adjacent-only (already required by CVSS AV:A); additionally, implement network segmentation or change the default admin password to a complex value (noting the encryption weakness persists, this slows brute-force attempts slightly). Do NOT rely on firewall rules blocking port 80/443 if the attacker is already on the LAN. Monitor router logs for repeated failed login attempts as a sign of active exploitation. Note: patching is the primary and only complete mitigation because the weakness is fundamental to the authentication protocol.

CVE-2015-3035 HIGH POC
7.5 Apr 22

Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before

CVE-2013-2578 CRITICAL POC
10.0 Oct 11

cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models be

CVE-2021-41653 CRITICAL POC
9.8 Nov 13

The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to r

CVE-2022-25061 CRITICAL POC
9.8 Feb 25

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_set

CVE-2015-3036 CRITICAL POC
10.0 May 21

Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in c

CVE-2012-5687 HIGH POC
7.8 Nov 01

Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13

CVE-2022-25060 CRITICAL POC
9.8 Feb 25

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_sta

CVE-2025-9377 HIGH
8.6 Aug 29

TP-Link Archer C7 and TL-WR841N routers contain an authenticated remote command execution vulnerability in the Parental

CVE-2024-57049 CRITICAL POC
9.8 Feb 18

A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized indi

CVE-2017-13772 HIGH POC
8.8 Oct 23

Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated

CVE-2022-25064 CRITICAL POC
9.8 Feb 25

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the functio

CVE-2022-30075 HIGH POC
8.8 Jun 09

In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote

Share

CVE-2026-5363 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy