TP-Link Flaws Let Attackers Seize Multiple Vulnerabilities

Cybersecurity researchers have identified five distinct security flaws in the TP-Link Archer AX53 v1.0 router. These vulnerabilities could enable attackers to compromise the device, potentially allowing unauthorized access or control over the network.

Tracked under multiple CVE identifiers, these vulnerabilities impact the router’s core modules, including OpenVPN, dnsmasq, and tmpServer.

When exploited, these flaws allow attackers on the same network to execute system commands, cause system crashes, and steal sensitive configuration files, ultimately leading to the complete compromise of the device.

High-Severity Command Injection Flaws

The most critical vulnerabilities discovered are two OS command injection flaws, carrying a high CVSS v4.0 score of 8.5.

• CVE-2026-30815 resides in the OpenVPN module.
• CVE-2026-30818 affects the dnsmasq module.

Both vulnerabilities occur because the router fails to validate input when processing configuration files properly.

An authenticated attacker sharing the same local network (adjacent access) can upload a specially crafted configuration file to execute unauthorized system commands.

This level of access allows threat actors to modify device settings, expose sensitive data, and take total control of the router’s operating system.

Another major flaw tracked as CVE-2026-30814 (CVSS score 7.3) involves a stack-based buffer overflow in the router’s tmpServer module.

By feeding the router a malicious configuration file, an adjacent attacker can trigger a segmentation fault. This immediately crashes the service and creates a pathway to execute arbitrary code.

Code execution at this level means an attacker can force the device into an unstable state, manipulate device functions, and maintain a persistent foothold on the network hardware.

The final two vulnerabilities expose sensitive data through arbitrary file reading capabilities. Both carry a medium-severity CVSS v4.0 score of 6.8.

• CVE-2026-30816 targets the OpenVPN module.
• CVE-2026-30817 impacts the dnsmasq module.

These external configuration control flaws allow an attacker to bypass security restrictions and read private files stored on the device.

While this does not grant direct control over the router, it exposes critical administrative files, passwords, and network configurations that attackers can use to launch further attacks.

These vulnerabilities specifically affect the TP-Link Archer AX53 v1.0, a popular Wi-Fi 6 router widely used internationally but not sold in the United States.

TP-Link has officially addressed these security gaps in their latest firmware release.

Users and network administrators are strongly urged to update their devices immediately to protect their networks from potential exploitation.

• Affected versions include all versions before 1.7.1 Build 20260213.
• Users must download the updated firmware directly from the official TP-Link support portal for their specific region.

Leaving these routers unpatched gives threat actors an easy pivot point into internal networks, making immediate remediation critical for home and enterprise security alike.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.