Description
An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device, potentially exposing sensitive information.This issue affects AX53 v1.0: before 1.7.1 Build 20260213.
Published: 2026-04-08
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized file access
Action: Patch firmware
AI Analysis

Impact

An authenticated adjacent attacker can read arbitrary files on a TP‑Link AX53 router by loading a malicious OpenVPN configuration file. The vulnerability allows disclosure of sensitive device data and potentially other configuration information, constituting a confidentiality breach.

Affected Systems

TP‑Link Archer AX53 router, firmware version 1.0 and all releases prior to 1.7.1 Build 20260213 are affected.

Risk and Exploitability

The vulnerability has a CVSS score of 6.8, indicating moderate severity, and an EPSS score of less than 1%, indicating a low probability of exploitation. It is not listed in the CISA KEV catalog. The likely attack vector involves an authenticated adversary with local network access to the router, enabling them to upload or replace an OpenVPN configuration file to trigger the read operation.

Generated by OpenCVE AI on April 14, 2026 at 17:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update TP‑Link Archer AX53 firmware to version 1.7.1 Build 20260213 or later, which removes the vulnerable OpenVPN module.
  • Verify that the update has been applied and that the OpenVPN service is running only if required; disable it if not needed.
  • Restrict local network access to authorized users and consider disabling the OpenVPN feature if the router does not need to provide such services.

Generated by OpenCVE AI on April 14, 2026 at 17:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link archer Ax53
Tp-link archer Ax53 Firmware
Weaknesses CWE-610
CPEs cpe:2.3:h:tp-link:archer_ax53:1.0:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:archer_ax53_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tp-link archer Ax53
Tp-link archer Ax53 Firmware
Metrics cvssV3_1

{'score': 5.7, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Thu, 09 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link ax53 V1
Vendors & Products Tp-link
Tp-link ax53 V1

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 08 Apr 2026 18:45:00 +0000

Type Values Removed Values Added
Description An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device, potentially exposing sensitive information.This issue affects AX53 v1.0: before 1.7.1 Build 20260213.
Title Arbitrary File Reading Vulnerability in dnsmasq Module in TP-Link AX53
Weaknesses CWE-15
References
Metrics cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Tp-link Archer Ax53 Archer Ax53 Firmware Ax53 V1
cve-icon MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-04-08T19:21:49.676Z

Reserved: 2026-03-05T17:35:52.174Z

Link: CVE-2026-30817

cve-icon Vulnrichment

Updated: 2026-04-08T19:10:39.247Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-08T19:25:20.627

Modified: 2026-04-14T16:19:59.500

Link: CVE-2026-30817

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T16:15:11Z

Weaknesses