{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-30816", "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "state": "PUBLISHED", "assignerShortName": "TPLink", "dateReserved": "2026-03-05T17:35:52.174Z", "datePublished": "2026-04-08T17:53:20.560Z", "dateUpdated": "2026-04-08T19:21:56.624Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "shortName": "TPLink", "dateUpdated": "2026-04-08T17:53:20.560Z"}, "title": "Arbitrary File Reading Vulnerability in OpenVPN Module in TP-Link AX53", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-15", "description": "CWE-15 External control of system or configuration setting", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-597", "descriptions": [{"lang": "en", "value": "CAPEC-597 Absolute Path Traversal"}]}], "affected": [{"vendor": "TP-Link Systems Inc.", "product": "AX53 v1.0", "modules": ["openvpn"], "versions": [{"status": "affected", "version": "0", "lessThan": "1.7.1 Build 20260213", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "An external control of configuration vulnerability in the OpenVPN module\u00a0of TP-Link AX53 v1.0\u00a0allows an authenticated adjacent attacker to read arbitrary file when a malicious configuration file is processed.\u00a0\nSuccessful\nexploitation may allow unauthorized access to arbitrary files on the device,\npotentially exposing sensitive information.This issue affects AX53 v1.0: before 1.7.1 Build 20260213.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "An external control of configuration vulnerability in the OpenVPN module&nbsp;of TP-Link AX53 v1.0&nbsp;allows an authenticated adjacent attacker to read arbitrary file when a malicious configuration file is processed.&nbsp;\nSuccessful\nexploitation may allow unauthorized access to arbitrary files on the device,\npotentially exposing sensitive information.<p>This issue affects AX53 v1.0: before 1.7.1 Build 20260213.</p>"}]}], "references": [{"url": "https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware", "tags": ["patch"]}, {"url": "https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware", "tags": ["patch"]}, {"url": "https://talosintelligence.com/vulnerability_reports/", "tags": ["third-party-advisory"]}, {"url": "https://www.tp-link.com/us/support/faq/5055/", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.8, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "Lilith >_> of Cisco Talos", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0-beta"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T19:10:48.309522Z", "id": "CVE-2026-30816", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T19:21:56.624Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-30816", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-08T19:10:48.309522Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T19:10:57.236Z"}}], "cna": {"title": "Arbitrary File Reading Vulnerability in OpenVPN Module in TP-Link AX53", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "Lilith >_> of Cisco Talos"}], "impacts": [{"capecId": "CAPEC-597", "descriptions": [{"lang": "en", "value": "CAPEC-597 Absolute Path Traversal"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TP-Link Systems Inc.", "modules": ["openvpn"], "product": "AX53 v1.0", "versions": [{"status": "affected", "version": "0", "lessThan": "1.7.1 Build 20260213", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware", "tags": ["patch"]}, {"url": "https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware", "tags": ["patch"]}, {"url": "https://talosintelligence.com/vulnerability_reports/", "tags": ["third-party-advisory"]}, {"url": "https://www.tp-link.com/us/support/faq/5055/", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.0-beta"}, "descriptions": [{"lang": "en", "value": "An external control of configuration vulnerability in the OpenVPN module\u00a0of TP-Link AX53 v1.0\u00a0allows an authenticated adjacent attacker to read arbitrary file when a malicious configuration file is processed.\u00a0\nSuccessful\nexploitation may allow unauthorized access to arbitrary files on the device,\npotentially exposing sensitive information.This issue affects AX53 v1.0: before 1.7.1 Build 20260213.", "supportingMedia": [{"type": "text/html", "value": "An external control of configuration vulnerability in the OpenVPN module&nbsp;of TP-Link AX53 v1.0&nbsp;allows an authenticated adjacent attacker to read arbitrary file when a malicious configuration file is processed.&nbsp;\nSuccessful\nexploitation may allow unauthorized access to arbitrary files on the device,\npotentially exposing sensitive information.<p>This issue affects AX53 v1.0: before 1.7.1 Build 20260213.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-15", "description": "CWE-15 External control of system or configuration setting"}]}], "providerMetadata": {"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "shortName": "TPLink", "dateUpdated": "2026-04-08T17:53:20.560Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30816", "state": "PUBLISHED", "dateUpdated": "2026-04-08T19:21:56.624Z", "dateReserved": "2026-03-05T17:35:52.174Z", "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "datePublished": "2026-04-08T17:53:20.560Z", "assignerShortName": "TPLink"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An external control of configuration vulnerability in the OpenVPN module\u00a0of TP-Link AX53 v1.0\u00a0allows an authenticated adjacent attacker to read arbitrary file when a malicious configuration file is processed.\u00a0\nSuccessful\nexploitation may allow unauthorized access to arbitrary files on the device,\npotentially exposing sensitive information.This issue affects AX53 v1.0: before 1.7.1 Build 20260213."}], "id": "CVE-2026-30816", "lastModified": "2026-04-08T21:26:13.410", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "type": "Secondary"}]}, "published": "2026-04-08T19:25:20.477", "references": [{"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://talosintelligence.com/vulnerability_reports/"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://www.tp-link.com/us/support/faq/5055/"}], "sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-15"}], "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-08T19:35:44.205704+00:00", "value": {"mitigation_remediation": ["Update the TP\u2011Link AX53 firmware to version 1.7.1 Build 20260213 or later using the links provided by TP\u2011Link", "If a firmware update is not immediately available, disable the OpenVPN service or block access to configuration files to prevent processing of malicious uploads", "Verify that no unauthorized configuration files exist on the router and monitor system logs for unusual file access attempts"], "summary": {"action": "Patch", "impact": "Unauthorized File Access"}, "threat_synthesis": {"affected_systems": "TP\u2011Link AX53 routers running firmware version 1.0 are affected. The issue is present before firmware build 1.7.1 Build 20260213, so any device with a firmware release older than that is vulnerable.", "description_and_impact": "The vulnerability resides in the OpenVPN module of TP\u2011Link AX53 firmware v1.0. An authenticated adjacent attacker can supply a crafted configuration file that, when processed, permits reading of arbitrary files on the device. This flaw enables unauthorized disclosure of sensitive data stored on the router, potentially exposing configuration secrets, credentials, or other confidential information.", "risk_and_exploitability": "The CVSS score of 6.8 indicates medium severity, and the lack of an EPSS rating means an exact exploitation likelihood is unknown. The flaw is not currently tracked in the CISA KEV catalog. Because the attacker must first be authenticated on the local network, the context is an adjacent attacker with network access. Once authenticated, the exploit is straightforward: upload or push a malicious VPN configuration file, causing the router to read and return the content of arbitrary files."}}}}, "created": "2026-04-08T19:38:51.561402+00:00", "updated": "2026-04-08T19:38:51.561425+00:00", "vendors": []}