External Configuration Control Vulnerability in TP-Link AX53 Product
CVE-2026-30817

6.8MEDIUM

Key Information:

Vendor

Tp-link Systems Inc.

Status
Ax53 V1.0
Vendor
CVE Published:
8 April 2026

What is CVE-2026-30817?

The OpenVPN module of the TP-Link AX53 v1.0 is susceptible to an external configuration control vulnerability. This issue allows an authenticated adjacent attacker to process a malicious configuration file, resulting in unauthorized access to arbitrary files on the device. Such exploitation has significant implications as it could lead to the exposure of sensitive information stored on the device. It is crucial for users to promptly update their firmware to mitigate this risk.

Affected Version(s)

AX53 v1.0 0 < 1.7.1 Build 20260213

References

https://www.tp-link.com/my/support/download/archer-ax53/v...
patch
https://www.tp-link.com/en/support/download/archer-ax53/v...
patch
https://talosintelligence.com/vulnerability_reports/
third-party-advisory

CVSS V4

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lilith >_> of Cisco Talos
.