CVE-2026-30816

Summary

An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary file when a malicious configuration file is processed.  Successful exploitation may allow unauthorized access to arbitrary files on the device, potentially exposing sensitive information.This issue affects AX53 v1.0: before 1.7.1 Build 20260213.

Affected Software

VendorProductVersion RangeStatus
TP-Link Systems Inc.AX53 v1.00 < 1.7.1 Build 20260213affected

Weaknesses

  • CWE-15: CWE-15 External control of system or configuration setting

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References