TP-Link EUVD-2026-25250

CVE-2026-5039 MEDIUM
Use of Default Cryptographic Key (CWE-1394)
2026-04-23 TPLink GHSA-f7mq-68q8-xqv6
6.1 · CVSS 4.0 · NVD
Severity by source

NVD (primary): 6.1 MEDIUM
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

  • Apr 23, 2026 - 18:42 (NVD): CVSS changed, 6.1 (MEDIUM)
  • Apr 23, 2026 - 17:30 (euvd): EUVD ID assigned, EUVD-2026-25250
  • Apr 23, 2026 - 17:30 (vuln.today): Analysis generated
  • Apr 23, 2026 - 17:30 (nvd): Patch released, patch available
  • Apr 23, 2026 - 16:10 (nvd): CVE published, MEDIUM 6.1

Description (CVE.org)

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if the device is left in its default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized access to the protocol, read debug data, modify certain device configuration values, and trigger a device reboot, resulting in loss of integrity and a denial-of-service condition.

Vulnerability Assessment (AI)

Remediation: A vendor patch is available. …
