CVE-2026-30817
Arbitrary File Read in TP-Link AX53 OpenVPN Module
Publication date: 2026-04-08
Last updated on: 2026-04-14
Assigner: TPLink
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tp-link | archer_ax53_firmware | to 1.7.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-15 | One or more system settings or configuration elements can be externally controlled by a user. |
| CWE-610 | The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an external configuration control issue in the OpenVPN module of the TP-Link AX53 version 1.0. It allows an authenticated attacker who is adjacent (on the same network segment) to read arbitrary files on the device by processing a malicious configuration file.
Successful exploitation of this vulnerability can lead to unauthorized access to arbitrary files on the device, which may expose sensitive information.
How can this vulnerability impact me? :
The impact of this vulnerability includes unauthorized access to arbitrary files on the affected device. This can lead to exposure of sensitive information stored on the device.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows an authenticated adjacent attacker to read arbitrary files on the affected TP-Link AX53 device, potentially exposing sensitive information.
Exposure of sensitive information due to unauthorized file access could lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access.