EUVD-2026-20548
GHSA-wmw7-jpm9-rmff
CVSS VectorNVD
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionNVD
An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device, potentially exposing sensitive information.This issue affects AX53 v1.0: before 1.7.1 Build 20260213.
AnalysisAI
External configuration control in TP-Link AX53 v1.0 OpenVPN module allows authenticated adjacent attackers to read arbitrary files by processing malicious configuration files, exposing sensitive device information. The vulnerability affects AX53 v1.0 prior to firmware build 1.7.1 Build 20260213 and requires high-level authentication and network adjacency to exploit. …
Sign in for full analysis, threat intelligence, and remediation guidance.
More from same product – last 7 days
An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjac
Cleartext Bluetooth transmission in TP-Link Tapo L535E, P300, and D100C devices allows adjacent attackers to intercept a
Share
External POC / Exploit Code
Leaving vuln.today