An OS command injection flaw exists in the dnsmasq module of TP‑Link Archer AX53 v1.0 routers. The flaw arises from insufficient validation of configuration file inputs, allowing an authenticated attacker on the same network to place malicious directives that are later executed by the system as shell commands. Successful exploitation can give the attacker the ability to alter device settings, read confidential data stored on the router, or take additional actions to compromise system integrity.

This vulnerability affects TP‑Link Archer AX53 routers running firmware version 1.0 (up to but not including 1.7.1 Build 20260213). The affected device is identified by product name Archer AX53 and CPE cpe:2.3:h:tp‑link:archer_ax53:1.0. Only the v1.0 firmware is impacted. Subsequent firmware releases (e.g., 1.7.1 Build 20260213 and later) contain a fix.

The CVSS base score is 8.5, indicating a high severity vulnerability that can lead to full remote code execution. The EPSS score of less than 1% suggests that the exploit is unlikely to be widely used at present, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector, inferred from the requirement for an authenticated adjacent attacker, is a local network compromise where a malicious device or user can upload a crafted configuration file to the router. Once the file is processed, malicious commands are executed with the privileges of the dnsmasq process, potentially granting the attacker persistent control over the router.