← Retour aux CVEs
CVE-2026-5363
N/ADescription
Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to intercept network traffic could potentially perform a brute-force or factorization attack against the 1024-bit RSA key to recover the plaintext administrator password, leading to unauthorized access and compromise of the device configuration. This issue affects Archer C7: through Build 20220715.
Details CVE
Score CVSS v3.1N/A
Publie4/16/2026
Derniere modification4/17/2026
Sourcenvd
Observations honeypot0
Faiblesses (CWE)
CWE-326
References
https://www.tp-link.com/us/support/faq/3562/(f23511db-6c3e-4e32-a477-6aa17d310630)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.