Platform
tplink
Component
archer-c7
Fixed in
20220715.0.1
CVE-2026-5363 is a vulnerability affecting TP-Link Archer C7 v5 and v5.8 routers with firmware builds up to 20220715. This flaw allows an adjacent attacker to recover the administrator password due to weak RSA-1024 encryption used for client-side password protection. Successful exploitation can lead to unauthorized access and compromise of the router's configuration, potentially impacting connected devices.
The primary impact of CVE-2026-5363 is the potential for an attacker to gain unauthorized access to the router's administrative interface. By intercepting network traffic and performing a brute-force or factorization attack against the weak RSA-1024 key, an attacker can recover the plaintext administrator password. This allows them to modify router settings, redirect traffic, install malicious firmware, or use the router as a pivot point to attack other devices on the network. The blast radius extends to all devices connected to the compromised router, making it a significant security risk, especially in home and small office environments.
CVE-2026-5363 was publicly disclosed on 2026-04-15. While no public proof-of-concept (PoC) code has been released, the vulnerability's nature (weak encryption) makes it likely that PoCs will emerge. The EPSS score is likely to be medium, reflecting the relatively low technical skill required to exploit the vulnerability and the potential for significant impact. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS
0.00% (0% percentile)
CISA SSVC
The primary mitigation for CVE-2026-5363 is to upgrade the TP-Link Archer C7 router to a firmware version that addresses the weak encryption. Check the TP-Link support website for updated firmware releases. As an interim measure, monitor network traffic for suspicious activity, particularly attempts to intercept or replay login credentials. Consider implementing network segmentation to limit the potential impact of a compromised router. After upgrading, verify the password recovery mechanism is no longer vulnerable by attempting to intercept and decrypt login traffic.
Update the firmware of your TP-Link Archer C7 v5 or v5.8 router to a version later than Build 20220715. TP-Link has released firmware updates to address this vulnerability. Refer to the TP-Link support website for instructions and downloads.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-5363 is a vulnerability in TP-Link Archer C7 v5/v5.8 routers that allows attackers to recover the administrator password due to weak RSA-1024 encryption, potentially leading to unauthorized access.
You are affected if you are using a TP-Link Archer C7 v5 or v5.8 router with firmware build 20220715 or earlier. Check your router's firmware version in the administration interface.
Upgrade your TP-Link Archer C7 router to the latest available firmware version from the TP-Link support website. This update should address the weak encryption vulnerability.
While no active exploitation has been confirmed, the vulnerability's nature makes it likely that it will be exploited. Monitoring network traffic is recommended.
Refer to the TP-Link support website for the latest security advisories and firmware updates related to CVE-2026-5363.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.