Published on April 10, 2026

Multiple TP-Link Vulnerabilities Allow Attackers to Seize Control of the Device


Severity

High

Detail

Cybersecurity researchers have identified five distinct security vulnerabilities affecting the TP-Link Archer AX53 v1.0 router. These flaws impact core components, including the OpenVPN, dnsmasq, and tmpServer modules.

When exploited, the vulnerabilities allow attackers on the same network (adjacent access) to execute system commands, crash services, and access sensitive configuration files, potentially leading to full device compromise. The most critical issues are two OS command injection vulnerabilities with a CVSS v4.0 score of 8.5. These vulnerabilities allow an authenticated attacker within the same network to upload a specially crafted configuration file and execute unauthorized system commands. Successful exploitation can lead to full control over the router’s operating system, modification of settings, and exposure of sensitive data.

CVE ID | Summary | CVSS Score
CVE-2026-30815 | Command injection in OpenVPN module due to improper input validation in configuration file processing | 8.5 (High)
CVE-2026-30818 | Command injection in dnsmasq module due to improper input validation in configuration file processing | 8.5 (High)
CVE-2026-30814 | Stack-based buffer overflow in tmpServer module allowing service crash and potential arbitrary code execution | 7.3 (High)
CVE-2026-30816 | Arbitrary file read in OpenVPN module via external configuration control | 6.8 (Medium)
CVE-2026-30817 | Arbitrary file read in dnsmasq module via external configuration control | 6.8 (Medium)

The third vulnerability, tracked as CVE-2026-30814, involves a stack-based buffer overflow in the tmpServer module. By supplying a malicious configuration file, an attacker can trigger a segmentation fault, causing a denial of service and creating conditions for arbitrary code execution. This can destabilize the device and allow persistent access.

The last two vulnerabilities, CVE-2026-30816 and CVE-2026-30817, enable arbitrary file reading. These flaws allow attackers to bypass restrictions and access sensitive files, including administrative credentials and network configurations, which may be used to facilitate further attacks.

Key risk considerations include:

  • Adjacent network attack vector requiring authenticated access
  • Ability to execute arbitrary system commands
  • Potential for full device compromise
  • Exposure of sensitive configuration files and credentials
  • Service disruption and possible persistent access

Affected Products

The affected product is as follows:

  • TP-Link Archer AX53 v1.0
  • All firmware versions prior to 1.7.1 Build 20260213

Recommendation

Users and administrators should take immediate action to mitigate risks:

  • Upgrade to firmware version 1.7.1 Build 20260213 or later
  • Download updates only from the official TP-Link support portal
  • Restrict access to the local network and avoid untrusted devices
  • Disable unused services such as OpenVPN if not required
  • Monitor network activity for suspicious behavior

Failure to apply updates may allow attackers to exploit these vulnerabilities as an entry point into internal networks, increasing the risk of broader compromise.
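To act on the upgrade recommendation across many devices, the following added example (not part of the original advisory and not TP-Link tooling) triages an asset inventory against the fixed release 1.7.1 Build 20260213. The inventory field names, hostnames and sample firmware strings are constructed for illustration, and the script assumes firmware strings follow the "X.Y.Z Build YYYYMMDD" form used in the advisory, compared by version first and build date second.

```python
import re

# Fixed release named in the advisory: firmware 1.7.1 Build 20260213.
FIXED = ((1, 7, 1), 20260213)
# Scope of the advisory: Archer AX53, hardware revision v1.0 only.
AFFECTED_MODEL = ("archer ax53", "v1.0")
_FW_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s+Build\s+(\d{8})\b", re.IGNORECASE)

# Constructed inventory records (hypothetical hosts and firmware strings).
INVENTORY = [
    {"host": "branch-ap-01", "model": "Archer AX53", "hw": "v1.0", "firmware": "1.6.2 Build 20250814"},
    {"host": "branch-ap-02", "model": "Archer AX53", "hw": "v1.0", "firmware": "1.7.1 Build 20260213"},
    {"host": "branch-ap-03", "model": "Archer AX53", "hw": "v1.0", "firmware": "1.7.1 Build 20260105"},
    {"host": "branch-ap-04", "model": "Archer AX53", "hw": "v1.0", "firmware": "unknown"},
    {"host": "lab-sw-01", "model": "Example Switch", "hw": "v2.0", "firmware": "3.0.0 Build 20240101"},
]


def parse_firmware(text):
    """Return ((major, minor, patch), build_date) or None if unparseable."""
    m = _FW_RE.match(text or "")
    if not m:
        return None
    major, minor, patch, build = (int(g) for g in m.groups())
    return (major, minor, patch), build


def triage(device):
    """Classify a record as 'out-of-scope', 'patched', 'vulnerable' or 'review'."""
    model = device.get("model", "").strip().lower()
    hw = device.get("hw", "").strip().lower()
    if (model, hw) != AFFECTED_MODEL:
        return "out-of-scope"
    fw = parse_firmware(device.get("firmware"))
    if fw is None:
        return "review"  # unknown version string: verify by hand, never assume patched
    return "patched" if fw >= FIXED else "vulnerable"


def report(inventory):
    """Map each host to its triage status."""
    return {d["host"]: triage(d) for d in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as "review" have a firmware string the parser could not read and should be checked on the device itself.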

Source
https://cybersecuritynews.com/multiple-tp-link-vulnerabilities-seize-control-of-the-device/