Description
Use of Hard-coded Credentials in TP-Link Archer C50 V3(

<=

180703)/V4(



<=

250117

)/V5(



<=

200407

), and C20 V5 (<US_V5_260419 or <EU_V5_260317) allows attackers to decrypt the config.xml files.
Published: 2025-07-16
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The firmware contains hard‑coded DES decryption keys that allow an attacker to decrypt the router’s config.xml file, which contains configuration settings (inferred). This weakness is a classic example of CWE-798, use of hard‑coded credentials.

Affected Systems

TP‑Link Archer C20 V5; TP‑Link Archer C50 V3 (up to firmware 180703), V4 (up to 250117), and V5 (up to 200407). Vulnerable C20 V5 firmware is any build older than US_V5_260419 or EU_V5_260317.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity, and the EPSS score of less than 1% signals a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is that an attacker must interact with the router, most likely via the web interface or through an exposed management protocol, to retrieve and decrypt config.xml (inferred). Based on inference, direct exploitation appears limited if this exposure cannot be achieved (inferred). Nonetheless, the risk warrants timely patching or mitigation to prevent potential configuration compromise.

Generated by OpenCVE AI on May 2, 2026 at 11:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest firmware for your TP‑Link router from the official TP‑Link support pages.
  • Reboot the device after the firmware update to activate the new image.
  • If no newer firmware is available, restrict external access to the router’s management interface and monitor logs for unauthorized configuration changes.

Generated by OpenCVE AI on May 2, 2026 at 11:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-21738 Use of Hard-coded Credentials in TP-Link Archer C50 V3( <= 180703)/V4( <= 250117 )/V5( <= 200407 ), allows attackers to decrypt the config.xml files.
History

Wed, 22 Apr 2026 21:45:00 +0000

Type Values Removed Values Added
Description Use of Hard-coded Credentials in TP-Link Archer C50 V3( <= 180703)/V4( <= 250117 )/V5( <= 200407 ), allows attackers to decrypt the config.xml files. Use of Hard-coded Credentials in TP-Link Archer C50 V3( <= 180703)/V4( <= 250117 )/V5( <= 200407 ), and C20 V5 (<US_V5_260419 or <EU_V5_260317) allows attackers to decrypt the config.xml files.
Title Hardcoded DES Decryption Keys in TP-Link Archer C50 V3/V4/V5 Hardcoded DES Decryption Keys in TP-Link Archer C50 V3/V4/V5 and C20 V5
References

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Fri, 18 Jul 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 16 Jul 2025 20:15:00 +0000

Type Values Removed Values Added
Description Use of Hard-coded Credentials in TP-Link Archer C50 V3( <= 180703)/V4( <= 250117 )/V5( <= 200407 ), allows attackers to decrypt the config.xml files.
Title Hardcoded DES Decryption Keys in TP-Link Archer C50 V3/V4/V5
Weaknesses CWE-798
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Tp-link Archer C50 V3 Archer C50 V4 Archer C50 V5
cve-icon MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-04-22T21:24:12.188Z

Reserved: 2025-07-01T20:09:03.975Z

Link: CVE-2025-6982

cve-icon Vulnrichment

Updated: 2025-11-03T20:07:18.484Z

cve-icon NVD

Status : Deferred

Published: 2025-07-16T20:15:26.017

Modified: 2026-04-22T22:16:29.750

Link: CVE-2025-6982

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T11:15:19Z

Weaknesses