Fixed version
20220715.0.1
CVE-2026-5363 is a vulnerability affecting TP-Link Archer C7 v5 and v5.8 routers with firmware builds up to 20220715. This flaw allows an adjacent attacker to recover the administrator password due to weak RSA-1024 encryption used for client-side password protection. Successful exploitation can lead to unauthorized access and compromise of the router's configuration, potentially impacting connected devices.
The primary impact of CVE-2026-5363 is the potential for an attacker to gain unauthorized access to the router's administrative interface. By intercepting network traffic and performing a brute-force or factorization attack against the weak RSA-1024 key, an attacker can recover the plaintext administrator password. This allows them to modify router settings, redirect traffic, install malicious firmware, or use the router as a pivot point to attack other devices on the network. The blast radius extends to all devices connected to the compromised router, making it a significant security risk, especially in home and small office environments.
CVE-2026-5363 was publicly disclosed on 2026-04-15. While no public proof-of-concept (PoC) code has been released, the vulnerability's nature (weak encryption) makes it likely that PoCs will emerge. The EPSS score is likely to be medium, reflecting the relatively low technical skill required to exploit the vulnerability and the potential for significant impact. It is not currently listed on the CISA KEV catalog.
Home and small office users who rely on TP-Link Archer C7 v5 and v5.8 routers with firmware builds up to 20220715 are at risk. Shared hosting environments where routers are managed by the provider are also vulnerable. Users who have not updated their router firmware are particularly susceptible.
• linux / server: Monitor network traffic using tools like tcpdump or Wireshark for attempts to capture login credentials. Filter for traffic to the router's web interface (typically port 80 or 443).
    tcpdump -i <interface> 'port 80 or port 443' -w capture.pcap
• generic web: Use curl to test the router's login page and observe the encryption method used. Look for signs of weak RSA encryption in the captured traffic.
    curl -v https://<router_ip>/login
• generic web: Examine router access logs for failed login attempts and unusual activity. Look for patterns that might indicate a brute-force attack.
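To turn "look for signs of weak RSA encryption" into a concrete check, the added example below (not from TP-Link or the original advisory) audits an RSA public key by modulus size and exponent. It assumes you have already copied the modulus and exponent from your own router's login exchange as hex strings; the function names, the 2048-bit threshold and the sample values are assumptions made for illustration.

```python
# Added example: audit an RSA public key for weak parameters (stdlib only).
from dataclasses import dataclass, field

MIN_MODULUS_BITS = 2048  # assumption: minimum acceptable RSA modulus size


@dataclass
class KeyAudit:
    bits: int
    exponent: int
    findings: list = field(default_factory=list)

    @property
    def weak(self) -> bool:
        return bool(self.findings)


def _hex_to_int(value: str) -> int:
    # Accept colon-separated bytes and embedded whitespace or line breaks.
    return int("".join(value.split()).replace(":", ""), 16)


def audit_rsa_public_key(modulus_hex, exponent_hex, min_bits=MIN_MODULUS_BITS):
    """Return a KeyAudit describing why the key is weak (empty findings = ok)."""
    n = _hex_to_int(modulus_hex)
    e = _hex_to_int(exponent_hex)
    audit = KeyAudit(bits=n.bit_length(), exponent=e)
    if audit.bits < min_bits:
        audit.findings.append(
            f"modulus is {audit.bits} bits, below the {min_bits}-bit minimum")
    if n % 2 == 0:
        audit.findings.append("modulus is even, so it is not a valid RSA modulus")
    if e < 3 or e % 2 == 0:
        audit.findings.append(f"public exponent {e} is not an odd value >= 3")
    return audit


# Constructed sample values (not taken from any device): repeated bytes that
# only have the right length, standing in for a 1024-bit and a 2048-bit modulus.
SAMPLE_1024 = "d3" * 128
SAMPLE_2048 = "d3" * 256
SAMPLE_EXPONENT = "010001"  # 65537

if __name__ == "__main__":
    for label, modulus in (("1024-bit", SAMPLE_1024), ("2048-bit", SAMPLE_2048)):
        result = audit_rsa_public_key(modulus, SAMPLE_EXPONENT)
        print(label, result.bits, "WEAK" if result.weak else "ok", result.findings)
```

A passing result only says the key parameters are no longer undersized; it does not confirm that the firmware fix is installed, so still compare the installed build against the fixed version.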
disclosure
Exploit status
EPSS
0.00% (0th percentile)
CISA SSVC
The primary mitigation for CVE-2026-5363 is to upgrade the TP-Link Archer C7 router to a firmware version that addresses the weak encryption. Check the TP-Link support website for updated firmware releases. As an interim measure, monitor network traffic for suspicious activity, particularly attempts to intercept or replay login credentials. Consider implementing network segmentation to limit the potential impact of a compromised router. After upgrading, verify the password recovery mechanism is no longer vulnerable by attempting to intercept and decrypt login traffic.
Update the firmware of your TP-Link Archer C7 v5 or v5.8 router to a version later than Build 20220715. TP-Link has released firmware updates to address this vulnerability. See the TP-Link support website for instructions and downloads.
CVE-2026-5363 is a vulnerability in TP-Link Archer C7 v5/v5.8 routers that allows attackers to recover the administrator password due to weak RSA-1024 encryption, potentially leading to unauthorized access.
You are affected if you are using a TP-Link Archer C7 v5 or v5.8 router with firmware build 20220715 or earlier. Check your router's firmware version in the administration interface.
Upgrade your TP-Link Archer C7 router to the latest available firmware version from the TP-Link support website. This update should address the weak encryption vulnerability.
While no active exploitation has been confirmed, the vulnerability's nature makes it likely that it will be exploited. Monitoring network traffic is recommended.
Refer to the TP-Link support website for the latest security advisories and firmware updates related to CVE-2026-5363.