CVE-2026-5363

Published: Apr 15, 2026

Modified: Apr 16, 2026

PUBLISHED

Description

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to intercept network traffic could potentially perform a brute-force or factorization attack against the 1024-bit RSA key to recover the plaintext administrator password, leading to unauthorized access and compromise of the device configuration. This issue affects Archer C7: through Build 20220715.

Vendor	Product	Versions
TP-Link Systems Inc.	Archer C7 v5 and v5.8	affected `0 - <= Build 20220715`

Weaknesses (CWE)

CWE-326

References

https://www.tp-link.com/us/support/faq/3562/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-5363

Description

Affected Products

Weaknesses (CWE)

References