Inadequate Encryption in TP-Link Router Affects Administrator Password Security
CVE-2026-5363

5.4 MEDIUM

Key Information:

Vendor
CVE Published: 15 April 2026

What is CVE-2026-5363?

The TP-Link Archer C7 router, particularly versions v5 and v5.8, has an Inadequate Encryption Strength vulnerability: its web interface uses RSA-1024 to encrypt administrator passwords on the client side. An adjacent attacker who can monitor network traffic can intercept this encrypted traffic. With sufficient access, the attacker could then conduct brute-force or factorization attacks on the RSA key, potentially revealing the plaintext administrator password and compromising the router's configuration. Effective security measures are crucial to safeguard against unauthorized access.

Affected Version(s)

Archer C7 v5 and v5.8 0

CVSS V4

Score: 5.4
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
