Description
A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow arbitrary code execution, enabling modification of device state, exposure of sensitive data, or further compromise of device integrity.

This issue affects AX53 v1.0: before 1.7.1 Build 20260213.
Published: 2026-04-08
Score: 7.3 High
EPSS: n/a
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a stack-based buffer overflow in the tmpServer module of the TP‑Link Archer AX53 v1.0. An authenticated adjacent attacker can supply a specially crafted configuration file that triggers a segmentation fault and possibly arbitrary code execution. Exploitation allows the attacker to modify device state, exfiltrate sensitive data, or further compromise the device.

Affected Systems

TP‑Link Systems Inc. Archer AX53 v1.0 routers running firmware builds prior to 1.7.1 Build 20260213.

Risk and Exploitability

The CVSS score of 7.3 indicates a high severity risk. The EPSS score is not available, and the vulnerability is not listed in CISA's KEV catalog. The attack requires authenticated adjacent access (AV:A and PR:H in the CVSS vector), meaning the attacker must both be connected to the same local network and be able to log into the device. If successful, the exploitation could lead to remote code execution with the privileges of the device management account.

Generated by OpenCVE AI on April 8, 2026 at 19:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update (v1.7.1 Build 20260213 or newer) from TP‑Link.
  • If updating is not possible, isolate the device from untrusted networks and restrict local device management to trusted users.
  • Monitor for suspicious configuration changes or segmentation faults on the router.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 20:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 08 Apr 2026 18:45:00 +0000

Values Removed: (none)
Values Added:

  • Description: A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow arbitrary code execution, enabling modification of device state, exposure of sensitive data, or further compromise of device integrity. This issue affects AX53 v1.0: before 1.7.1 Build 20260213.
  • Title: Buffer Overflow Vulnerability in TP-Link AX53
  • Weaknesses: CWE-121
  • References
  • Metrics: cvssV4_0 {'score': 7.3, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L'}


MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-04-08T19:22:11.648Z

Reserved: 2026-03-05T17:35:52.174Z

Link: CVE-2026-30814

Vulnrichment

Updated: 2026-04-08T19:11:49.924Z

NVD

Status: Awaiting Analysis

Published: 2026-04-08T19:25:20.140

Modified: 2026-04-08T21:26:13.410

Link: CVE-2026-30814

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:38:52Z

Weaknesses