CVE-2026-30817 PUBLISHED

Arbitrary File Reading Vulnerability in dnsmasq Module in TP-Link AX53

Assigner: TPLink
Reserved: 05.03.2026 Published: 08.04.2026 Updated: 08.04.2026

An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device, potentially exposing sensitive information.This issue affects AX53 v1.0: before 1.7.1 Build 20260213.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 6.8

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Adjacent	Confidentiality	High	Confidentiality	None
Attack Complexity	Low	Integrity	None	Integrity	None
Attack Requirements	None	Availability	None	Availability	None
Privileges Required	High
User Interaction	None

CVSS 4.0

Product Status

Vendor	TP-Link Systems Inc.
Product	AX53 v1.0
Versions	Default: unaffected affected from 0 to 1.7.1 Build 20260213 (excl.)

Credits

Lilith >_> of Cisco Talos reporter

References

Problem Types

CWE-15 External control of system or configuration setting CWE

Impacts

CAPEC-597 Absolute Path Traversal