CVE-2026-30816
Modified - Updated After Analysis
Arbitrary File Read via OpenVPN Config in TP-Link AX

Publication date: 2026-04-08

Last updated on: 2026-05-07

Assigner: TPLink

Description
An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device, potentially exposing sensitive information. This issue affects AX53 v1.0: before 1.7.1 Build 20260213.
Meta Information
Published: 2026-04-08
Last Modified: 2026-05-07
Generated: 2026-06-16
AI Q&A: 2026-04-08
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
tp-link | archer_ax53_firmware | to 1.7.1 (inc)
CWE ID | Description
CWE-610 | The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
CWE-15 | One or more system settings or configuration elements can be externally controlled by a user.
Executive Summary

This vulnerability is an external control of configuration issue in the OpenVPN module of the TP-Link AX53 version 1.0. It allows an authenticated attacker who is adjacent (on the same network segment) to read arbitrary files on the device when the device processes a malicious configuration file.

In other words, if an attacker can provide a specially crafted configuration file to the device, they can gain unauthorized access to files that they should not be able to read.

Impact Analysis

Successful exploitation of this vulnerability may allow an attacker to access arbitrary files on the affected device without proper authorization.

This could lead to exposure of sensitive information stored on the device, potentially compromising the security and privacy of the device and its users.

Compliance Impact

The vulnerability allows an authenticated adjacent attacker to read arbitrary files on the device, potentially exposing sensitive information. This unauthorized access to sensitive data could lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require strict controls to prevent unauthorized disclosure of personal or protected health information.
