Weak Password Hashing in TP-Link Deco M5 Device
CVE-2026-5040
7.1HIGH
What is CVE-2026-5040?
The TP-Link Deco M5 v1 employs a poorly implemented password hashing mechanism for storing user credentials. This weakness allows an attacker who gains access to the password hash, either through a system compromise or privileged user access, to execute brute-force or dictionary attacks. If successful, the attacker can recover the authentication credentials, leading to unauthorized access to device management functions and potentially compromising user data. The primary security concern arises from the possible loss of confidentiality of sensitive information.
Affected Version(s)
Deco M5 Deco M5 V1 0 < 1.9.4 Build 20260312 Rel.17129
