Description
A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow arbitrary code execution, enabling modification of device state, exposure of sensitive data, or further compromise of device integrity.

This issue affects AX53 v1.0: before 1.7.1 Build 20260213.
Published: 2026-04-08
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution via buffer overflow
Action: Patch ASAP
AI Analysis

Impact

A stack‑based buffer overflow exists in the tmpServer module of TP‑Link Archer AX53 v1.0, allowing an attacker who has authenticated access on the same network to craft a malicious configuration file. Triggering this flaw can cause a segmentation fault and potentially give the attacker arbitrary code execution on the device, enabling modification of device state, exposure of sensitive information, or further compromise of the device’s integrity.

Affected Systems

The vulnerability affects TP‑Link Archer AX53 v1.0 devices running firmware earlier than 1.7.1 Build 20260213. Later builds are not affected.

Risk and Exploitability

The CVSS score of 7.3 indicates high severity, while the EPSS score of less than 1% indicates a low estimated probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Exploitation likely requires an authenticated attacker on the local network who can upload or modify the configuration file in the tmpServer module; the attack surface is therefore limited to users with network proximity and valid credentials.

Generated by OpenCVE AI on April 14, 2026 at 17:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Archer AX53 firmware update (1.7.1 Build 20260213 or later) from the TP‑Link support website to eliminate the buffer overflow.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Tp-link archer Ax53; Tp-link archer Ax53 Firmware
Weaknesses | | CWE-787
CPEs | | cpe:2.3:h:tp-link:archer_ax53:1.0:*:*:*:*:*:*:*; cpe:2.3:o:tp-link:archer_ax53_firmware:*:*:*:*:*:*:*:*
Vendors & Products | | Tp-link archer Ax53; Tp-link archer Ax53 Firmware
Metrics | | cvssV3_1: {'score': 8.0, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Thu, 09 Apr 2026 08:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Tp-link; Tp-link ax53 V1
Vendors & Products | | Tp-link; Tp-link ax53 V1

Wed, 08 Apr 2026 20:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 08 Apr 2026 18:45:00 +0000

Type | Values Removed | Values Added
Description | | A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow arbitrary code execution, enabling modification of device state, exposure of sensitive data, or further compromise of device integrity. This issue affects AX53 v1.0: before 1.7.1 Build 20260213.
Title | | Buffer Overflow Vulnerability in TP-Link AX53
Weaknesses | | CWE-121
References | |
Metrics | | cvssV4_0: {'score': 7.3, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L'}


MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-04-09T03:56:15.034Z

Reserved: 2026-03-05T17:35:52.174Z

Link: CVE-2026-30814

Vulnrichment

Updated: 2026-04-08T19:11:49.924Z

NVD

Status: Analyzed

Published: 2026-04-08T19:25:20.140

Modified: 2026-04-14T16:19:31.173

Link: CVE-2026-30814

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T16:15:11Z

Weaknesses