RCE in Tp-link Archer_ax53
CVE-2026-30815
An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration file is processed due to insufficient input…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.001 (29.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.0 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Tp-link Archer_ax53 — versions 1.0
- Tp-link Archer_ax53_firmware
- Tp-link Systems Inc. Ax53 V1.0 — versions 0
Weakness classification (CWE)
References
- f23511db-6c3e-4e32-a477-6aa17d310630 (Product, patch)
- f23511db-6c3e-4e32-a477-6aa17d310630 (Product, patch)
- f23511db-6c3e-4e32-a477-6aa17d310630 (Third Party Advisory, third-party-advisory)
- f23511db-6c3e-4e32-a477-6aa17d310630 (vendor-advisory, Vendor Advisory)
- af854a3a-2127-422b-91ae-364da2661108
- af854a3a-2127-422b-91ae-364da2661108
- af854a3a-2127-422b-91ae-364da2661108
- af854a3a-2127-422b-91ae-364da2661108
Frequently asked questions
- What is CVE-2026-30815?
- CVE-2026-30815 is a high-severity vulnerability in Tp-link Archer_ax53, classified under OS Command Injection. CVSS score: 8.0/10. Published 2026-04-08.
- How severe is CVE-2026-30815?
- High severity. CVSS v3 base score is 8.0 out of 10.