Skip to main content

TP-Link EUVDEUVD-2026-20546

| CVE-2026-30816 MEDIUM
External Control of System or Configuration Setting (CWE-15)
2026-04-08 TPLink GHSA-xxqc-mrq8-7966
6.8
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

4
EUVD ID Assigned
Apr 08, 2026 - 19:31 euvd
EUVD-2026-20546
Analysis Generated
Apr 08, 2026 - 19:31 vuln.today
Patch released
Apr 08, 2026 - 19:31 nvd
Patch available
CVE Published
Apr 08, 2026 - 17:53 nvd
MEDIUM 6.8

DescriptionCVE.org

An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary file when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device, potentially exposing sensitive information.This issue affects AX53 v1.0: before 1.7.1 Build 20260213.

AnalysisAI

External control of configuration in TP-Link Archer AX53 v1.0 OpenVPN module allows authenticated adjacent attackers with high privileges to read arbitrary files via malicious configuration file processing, exposing sensitive device information. CVSS 6.8 reflects high confidentiality impact; no public exploit code or active exploitation confirmed. Patch available: firmware version 1.7.1 Build 20260213 or later.

Technical ContextAI

The vulnerability exists in the OpenVPN configuration processing logic of TP-Link Archer AX53 v1.0 routers. CWE-15 (External Control of System or Configuration Setting) indicates the device fails to properly validate or sanitize configuration file inputs before processing them. When a malicious OpenVPN configuration file is uploaded or processed by a high-privilege authenticated user on the adjacent network (AV:A - adjacent network vector), the OpenVPN module may interpret specially crafted directives to access files outside the intended scope, bypassing normal file access controls. The CVSS 4.0 vector shows low attack complexity (AC:L), no special timing/tools required (AT:N), and high confidentiality impact (VC:H) with no integrity or availability impact, confirming a read-only file disclosure vulnerability.

RemediationAI

Vendor-released patch: upgrade TP-Link Archer AX53 v1.0 firmware to version 1.7.1 Build 20260213 or later. Download the patched firmware from TP-Link's official support page (https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware) and apply via the router's web administration panel or firmware update utility. As an interim measure, restrict OpenVPN configuration uploads and modifications to trusted administrators only, and regularly audit which users have high-privilege access to the device. Monitor for any suspicious file access patterns or unexpected configuration changes in system logs.

CVE-2015-3035 HIGH POC
7.5 Apr 22

Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before

CVE-2013-2578 CRITICAL POC
10.0 Oct 11

cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models be

CVE-2021-41653 CRITICAL POC
9.8 Nov 13

The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to r

CVE-2022-25061 CRITICAL POC
9.8 Feb 25

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_set

CVE-2015-3036 CRITICAL POC
10.0 May 21

Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in c

CVE-2012-5687 HIGH POC
7.8 Nov 01

Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13

CVE-2022-25060 CRITICAL POC
9.8 Feb 25

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_sta

CVE-2025-9377 HIGH
8.6 Aug 29

TP-Link Archer C7 and TL-WR841N routers contain an authenticated remote command execution vulnerability in the Parental

CVE-2024-57049 CRITICAL POC
9.8 Feb 18

A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized indi

CVE-2017-13772 HIGH POC
8.8 Oct 23

Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated

CVE-2022-25064 CRITICAL POC
9.8 Feb 25

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the functio

CVE-2022-30075 HIGH POC
8.8 Jun 09

In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote

Share

EUVD-2026-20546 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy