CVE-2026-30816
Arbitrary File Read via OpenVPN Config in TP-Link AX
Publication date: 2026-04-08
Last updated on: 2026-04-14
Assigner: TPLink
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tp-link | archer_ax53_firmware | up to and including 1.7.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-15 | One or more system settings or configuration elements can be externally controlled by a user. |
| CWE-610 | The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows an authenticated adjacent attacker to read arbitrary files on the device, potentially exposing sensitive information. This unauthorized access to sensitive data could lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require strict controls to prevent unauthorized disclosure of personal or protected health information.
Can you explain this vulnerability to me?
This vulnerability is an external control of configuration issue in the OpenVPN module of the TP-Link AX53 version 1.0. It allows an authenticated attacker who is adjacent (on the same network segment) to read arbitrary files on the device by processing a malicious configuration file.
In other words, if an attacker can provide a specially crafted configuration file to the device, they can gain unauthorized access to files that they should not be able to read.
How can this vulnerability impact me?
Successful exploitation of this vulnerability may allow an attacker to access arbitrary files on the affected device without proper authorization.
This could lead to exposure of sensitive information stored on the device, potentially compromising the security and privacy of the device and its users.