{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-30814", "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "state": "PUBLISHED", "assignerShortName": "TPLink", "dateReserved": "2026-03-05T17:35:52.174Z", "datePublished": "2026-04-08T17:52:00.929Z", "dateUpdated": "2026-05-07T15:47:00.488Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "shortName": "TPLink", "dateUpdated": "2026-04-08T17:52:00.929Z"}, "title": "Buffer Overflow Vulnerability in TP-Link AX53", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-121", "description": "CWE-121 Stack-based buffer overflow", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "affected": [{"vendor": "TP-Link Systems Inc.", "product": "AX53 v1.0", "modules": ["tmpServer"], "versions": [{"status": "affected", "version": "0", "lessThan": "1.7.1 Build 20260213", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0\u00a0allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow arbitrary code execution, enabling modification of device state, exposure of sensitive data, or further compromise of device integrity.\n\nThis issue affects AX53 v1.0: before 1.7.1 Build 20260213.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0&nbsp;allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow arbitrary code execution, enabling modification of device state, exposure of sensitive data, or further compromise of device integrity.\n<br><p>This issue affects AX53 v1.0: before 1.7.1 Build 20260213.</p>"}]}], "references": [{"url": "https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware", "tags": ["patch"]}, {"url": "https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware", "tags": ["patch"]}, {"url": "https://talosintelligence.com/vulnerability_reports/", "tags": ["third-party-advisory"]}, {"url": "https://www.tp-link.com/us/support/faq/5055/", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "ADJACENT", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "LOW", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.3, "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L"}}], "credits": [{"lang": "en", "value": "Lilith >_> of Cisco Talos", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0-beta"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-30814"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T03:56:15.034Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2302"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-05-07T15:47:00.488Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2302"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-05-07T15:47:00.488Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-30814", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-08T19:11:46.191120Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T19:11:49.924Z"}}], "cna": {"title": "Buffer Overflow Vulnerability in TP-Link AX53", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "Lilith >_> of Cisco Talos"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.3, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TP-Link Systems Inc.", "modules": ["tmpServer"], "product": "AX53 v1.0", "versions": [{"status": "affected", "version": "0", "lessThan": "1.7.1 Build 20260213", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware", "tags": ["patch"]}, {"url": "https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware", "tags": ["patch"]}, {"url": "https://talosintelligence.com/vulnerability_reports/", "tags": ["third-party-advisory"]}, {"url": "https://www.tp-link.com/us/support/faq/5055/", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.0-beta"}, "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0\u00a0allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow arbitrary code execution, enabling modification of device state, exposure of sensitive data, or further compromise of device integrity.\n\nThis issue affects AX53 v1.0: before 1.7.1 Build 20260213.", "supportingMedia": [{"type": "text/html", "value": "A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0&nbsp;allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow arbitrary code execution, enabling modification of device state, exposure of sensitive data, or further compromise of device integrity.\n<br><p>This issue affects AX53 v1.0: before 1.7.1 Build 20260213.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-based buffer overflow"}]}], "providerMetadata": {"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "shortName": "TPLink", "dateUpdated": "2026-04-08T17:52:00.929Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30814", "state": "PUBLISHED", "dateUpdated": "2026-05-07T15:47:00.488Z", "dateReserved": "2026-03-05T17:35:52.174Z", "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "datePublished": "2026-04-08T17:52:00.929Z", "assignerShortName": "TPLink"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:archer_ax53_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B096B7BB-7693-4C45-B5F7-8FD6E4969DCE", "versionEndExcluding": "1.7.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:archer_ax53:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5F3EA1D9-EB47-4785-9CF0-F2B51945917D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0\u00a0allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow arbitrary code execution, enabling modification of device state, exposure of sensitive data, or further compromise of device integrity.\n\nThis issue affects AX53 v1.0: before 1.7.1 Build 20260213."}], "id": "CVE-2026-30814", "lastModified": "2026-05-07T16:16:18.240", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "type": "Secondary"}]}, "published": "2026-04-08T19:25:20.140", "references": [{"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Product"], "url": "https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Product"], "url": "https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Vendor Advisory"], "url": "https://www.tp-link.com/us/support/faq/5055/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2302"}], "sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.7.1 Build 20260213)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "AX53 v1.0", "source": "cna", "vendor": "TP-Link Systems Inc."}, "product": "ax53_v1", "vendor": "tp-link"}], "analysis": {"en": {"generated_at": "2026-04-14T17:48:40.605060+00:00", "value": {"mitigation_remediation": ["Apply the latest Archer AX53 firmware update (1.7.1 Build\u202f20260213 or later) from the TP\u2011Link support website to eliminate the buffer overflow."], "summary": {"action": "Patch ASAP", "impact": "Arbitrary code execution via buffer overflow"}, "threat_synthesis": {"affected_systems": "The vulnerability affects TP\u2011Link Archer AX53 firmware version 1.0 only. It does not impact later builds; versions up through the pre\u20111.7.1 Build 20260213 are susceptible.", "description_and_impact": "A stack\u2011based buffer overflow exists in the tmpServer module of TP\u2011Link Archer AX53 v1.0, allowing an attacker who has authenticated access on the same network to craft a malicious configuration file. Triggering this flaw can cause a segmentation fault and potentially give the attacker arbitrary code execution on the device, enabling modification of device state, exposure of sensitive information, or further compromise of the device\u2019s integrity.", "risk_and_exploitability": "The CVSS score of 7.3 indicates a high severity, while the EPSS score of less than 1\u202f% suggests that current exploitation attempts are rare. The vulnerability is not listed in CISA\u2019s KEV catalog. Exploitation likely requires an authenticated attacker on the local network who can upload or modify the configuration file in the tmpServer module; the attack surface is therefore limited to users with network proximity and valid credentials."}}}}, "created": "2026-04-08T19:38:52.686006+00:00", "updated": "2026-04-15T16:15:11.934816+00:00", "vendors": ["tp-link", "tp-link$PRODUCT$ax53_v1"]}