This page lists publicly disclosed CVE vulnerabilities affecting tp-link archer_ax53_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-30818 | An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow the attacker to modify device configuration, access sensitive information, or further compromise system integrity. This issue affects AX53 v1.0: before 1.7.1 Build 20260213. | f23511db-6c3e-4e32-a477-6aa17d310630 | 8.5 | 1.23% | 2026-04-08 | 2026-05-07 |
| CVE-2026-30817 | An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device, potentially exposing sensitive information.This issue affects AX53 v1.0: before 1.7.1 Build 20260213. | f23511db-6c3e-4e32-a477-6aa17d310630 | 6.8 | 0.28% | 2026-04-08 | 2026-05-07 |
| CVE-2026-30816 | An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary file when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device, potentially exposing sensitive information.This issue affects AX53 v1.0: before 1.7.1 Build 20260213. | f23511db-6c3e-4e32-a477-6aa17d310630 | 6.8 | 0.29% | 2026-04-08 | 2026-05-07 |
| CVE-2026-30815 | An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow modification of configuration files, disclosure of sensitive information, or further compromise of device integrity. This issue affects AX53 v1.0: before 1.7.1 Build 20260213. | f23511db-6c3e-4e32-a477-6aa17d310630 | 8.5 | 1.16% | 2026-04-08 | 2026-05-07 |
| CVE-2026-30814 | A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow arbitrary code execution, enabling modification of device state, exposure of sensitive data, or further compromise of device integrity. This issue affects AX53 v1.0: before 1.7.1 Build 20260213. | f23511db-6c3e-4e32-a477-6aa17d310630 | 7.3 | 0.42% | 2026-04-08 | 2026-05-07 |
| CVE-2025-15608 | This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution through complex heap-spray techniques. Successful exploitation may result in repeated service unavailability and, in certain scenarios, allow an attacker to gain control of the device. | f23511db-6c3e-4e32-a477-6aa17d310630 | 7.7 | 0.53% | 2026-03-20 | 2026-04-02 |
| CVE-2025-15607 | A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary commands. Successful exploitation may allow execution of malicious commands and ultimately full control of the device. | f23511db-6c3e-4e32-a477-6aa17d310630 | 7.3 | 1.95% | 2026-03-20 | 2026-04-02 |
| CVE-2025-62673 | Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tdpserver modules) allows adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a maliciously formed field.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | f23511db-6c3e-4e32-a477-6aa17d310630 | 8.6 | 0.55% | 2026-02-03 | 2026-03-16 |
| CVE-2025-62501 | SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle (MITM) attack. This could enable unauthorized access if captured credentials are reused.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | f23511db-6c3e-4e32-a477-6aa17d310630 | 7.0 | 0.46% | 2026-02-03 | 2026-03-16 |
| CVE-2025-62405 | Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | f23511db-6c3e-4e32-a477-6aa17d310630 | 7.3 | 0.47% | 2026-02-03 | 2026-03-16 |
| CVE-2025-62404 | Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | f23511db-6c3e-4e32-a477-6aa17d310630 | 7.3 | 0.47% | 2026-02-03 | 2026-03-16 |
| CVE-2025-61983 | Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | f23511db-6c3e-4e32-a477-6aa17d310630 | 7.3 | 0.47% | 2026-02-03 | 2026-03-16 |
| CVE-2025-61944 | Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | f23511db-6c3e-4e32-a477-6aa17d310630 | 7.3 | 0.40% | 2026-02-03 | 2026-03-16 |
| CVE-2025-59487 | Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code. The vulnerability arises from improper validation of a packet field whose offset is used to determine the write location in memory. By crafting a packet with a manipulated field offset, an attacker can redirect writes to arbitrary memory locations.This issue affects Archer AX53 v1.0: through 1.3.1 Bui | f23511db-6c3e-4e32-a477-6aa17d310630 | 7.3 | 0.40% | 2026-02-03 | 2026-03-16 |
| CVE-2025-59482 | Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | f23511db-6c3e-4e32-a477-6aa17d310630 | 7.3 | 0.40% | 2026-02-03 | 2026-03-16 |
| CVE-2025-58455 | Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | f23511db-6c3e-4e32-a477-6aa17d310630 | 7.3 | 0.40% | 2026-02-03 | 2026-03-16 |
| CVE-2025-58077 | Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted set of network packets containing an excessive number of host entries This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | f23511db-6c3e-4e32-a477-6aa17d310630 | 7.3 | 0.40% | 2026-02-03 | 2026-03-16 |
| CVE-2026-0834 | Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability.This issue affects Archer C20 v6.0 < V6_251031, Archer C20 v5 <EU_V5_260317 or < US_V5_260 | f23511db-6c3e-4e32-a477-6aa17d310630 | 7.2 | 0.40% | 2026-01-21 | 2026-04-23 |