Configuration Vulnerability in OpenVPN Module of TP-Link AX53
CVE-2026-30816

6.8MEDIUM

Key Information:

Vendor

Tp-link Systems Inc.

Status
Ax53 V1.0
Vendor
CVE Published:
8 April 2026

What is CVE-2026-30816?

An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to process a malicious configuration file. Exploitation of this vulnerability could grant unauthorized access to arbitrary files on the device, potentially leading to the exposure of sensitive information. Users are advised to update to version 1.7.1 Build 20260213 or later to mitigate this issue.

Affected Version(s)

AX53 v1.0 0 < 1.7.1 Build 20260213

References

https://www.tp-link.com/my/support/download/archer-ax53/v...
patch
https://www.tp-link.com/en/support/download/archer-ax53/v...
patch
https://talosintelligence.com/vulnerability_reports/
third-party-advisory

CVSS V4

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lilith >_> of Cisco Talos
.