DES-CBC Encryption Vulnerability in TP-Link TL-WR841N Router
CVE-2026-5039

6.1MEDIUM

Key Information:

Vendor: Tp-link Systems Inc.
Status: Tl-wl841n V13
Vendor: CVE Published:; 23 April 2026

🔔 Create Tp-link Systems Inc. Vulnerability Alert

What is CVE-2026-5039?

The TP-Link TL-WR841N v13 utilizes DES-CBC encryption for its TDDPv2 debug protocol, employing a cryptographic key that stems from default web management credentials. This predictable key poses a significant threat when the device is left with its default configuration. An attacker located on the same network can exploit this vulnerability to gain unauthorized access to the debug protocol, allowing them to read sensitive debug data, modify critical device configurations, and even trigger reboots of the router. Such actions can lead to a compromise of device integrity and potential denial-of-service scenarios.

Affected Version(s)

TL-WL841N v13 0 < 0.9.1 Build 20231120 Rel.62366

References

https://www.tp-link.com/us/support/download/tl-wr841n/v13...

patch

CVSS V4

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 23, 2026
Vulnerability Reserved
Mar 27, 2026

CVE-2026-5039 Data

JSON