Multiple TP-Link Vulnerabilities Allow Attackers to Seize Control of the Device

Cybersecurity researchers have identified five distinct security flaws in the TP-Link Archer AX53 v1.0 router.

Tracked under multiple CVE identifiers, these vulnerabilities impact the router’s core modules, including OpenVPN, dnsmasq, and tmpServer.

When exploited, these flaws allow attackers on the same network to execute system commands, cause system crashes, and steal sensitive configuration files, ultimately leading to the complete compromise of the device.

High-Severity Command Injection Flaws

The most critical vulnerabilities discovered are two OS command injection flaws, carrying a high CVSS v4.0 score of 8.5.

• CVE-2026-30815 resides in the OpenVPN module.
• CVE-2026-30818 affects the dnsmasq module.

Both vulnerabilities occur because the router fails to validate input when processing configuration files properly.

An authenticated attacker sharing the same local network (adjacent access) can upload a specially crafted configuration file to execute unauthorized system commands.

This level of access allows threat actors to modify device settings, expose sensitive data, and take total control of the router’s operating system.

Another major flaw tracked as CVE-2026-30814 (CVSS score 7.3) involves a stack-based buffer overflow in the router’s tmpServer module.

By feeding the router a malicious configuration file, an adjacent attacker can trigger a segmentation fault. This immediately crashes the service and creates a pathway to execute arbitrary code.

Code execution at this level means an attacker can force the device into an unstable state, manipulate device functions, and maintain a persistent foothold on the network hardware.

The final two vulnerabilities expose sensitive data through arbitrary file reading capabilities. Both carry a medium-severity CVSS v4.0 score of 6.8.

• CVE-2026-30816 targets the OpenVPN module.
• CVE-2026-30817 impacts the dnsmasq module.

These external configuration control flaws allow an attacker to bypass security restrictions and read private files stored on the device.

While this does not grant direct control over the router, it exposes critical administrative files, passwords, and network configurations that attackers can use to launch further attacks.

These vulnerabilities specifically affect the TP-Link Archer AX53 v1.0, a popular Wi-Fi 6 router widely used internationally but not sold in the United States.

TP-Link has officially addressed these security gaps in their latest firmware release.

Users and network administrators are strongly urged to update their devices immediately to protect their networks from potential exploitation.

• Affected versions include all versions before 1.7.1 Build 20260213.
• Users must download the updated firmware directly from the official TP-Link support portal for their specific region.

Leaving these routers unpatched gives threat actors an easy pivot point into internal networks, making immediate remediation critical for home and enterprise security alike.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.