216.73.217.50

CVE-2026-5363

· Published 16/04/2026 00:16 · Modified 17/04/2026 15:17

Labels: CVE-2026-5363 2026-04-16CVE-2026-5363CWE-326f23511db-6c3e-4e32-a477-6aa17d310630

Essential information

Published
16/04/2026 00:16
Modified
17/04/2026 15:17
Author
Creator
CVSS
5.4 MEDIUM (v3) 5.4 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login.  An adjacent attacker with the ability to intercept network traffic could potentially perform a brute-force or factorization attack against the 1024-bit RSA key to recover the plaintext administrator password, leading to unauthorized access and compromise of the device configuration.  This issue affects Archer C7: through Build 20220715.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
f23511db-6c3e-4e32-a477-6aa17d310630
NVD
View on NVD

Affected products (CPE)

ProductCPE
tp-link / archer c7 cpe:2.3:a:tp-link:archer_c7:v5:*:*:*:*:*:*:*
tp-link / archer c7 cpe:2.3:a:tp-link:archer_c7:v5.8:*:*:*:*:*:*:*

References