Details of VAR-202604-2484

ID

VAR-202604-2484

CVE

CVE-2026-5039

TITLE

TP-LINK Technologies of TL-WR841N Vulnerability in firmware regarding the use of default encryption keys

Trust: 0.8

sources: JVNDB: JVNDB-2026-013941

DESCRIPTION

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized access to the protocol, read debug data, modify certain device configuration values, and trigger device reboot, resulting in loss of integrity and a denial-of-service condition. This can result in loss of integrity and cause a denial-of-service condition.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-5039 // JVNDB: JVNDB-2026-013941

AFFECTED PRODUCTS

vendor:	tp link	model:	tl-wr841n	scope:	lt	version:	231120	Trust: 1.0
vendor:	tp link	model:	tl-wr841n	scope:	eq	version:	-	Trust: 0.8
vendor:	tp link	model:	tl-wr841n	scope:	eq	version:	tl-wr841n firmware 231120	Trust: 0.8

sources: JVNDB: JVNDB-2026-013941 // NVD: CVE-2026-5039

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2026-5039
value:	HIGH
Trust: 1.0
f23511db-6c3e-4e32-a477-6aa17d310630:	CVE-2026-5039
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2026-5039
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2026-5039
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2026-5039
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-013941 // NVD: CVE-2026-5039 // NVD: CVE-2026-5039

PROBLEMTYPE DATA

problemtype:	CWE-1394	Trust: 1.0
problemtype:	Using the default encryption key (CWE-1394) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-013941 // NVD: CVE-2026-5039

EXTERNAL IDS

db:	NVD	id:	CVE-2026-5039	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-013941	Trust: 0.8

sources: JVNDB: JVNDB-2026-013941 // NVD: CVE-2026-5039

REFERENCES

url:	https://www.tp-link.com/us/support/download/tl-wr841n/v13/#firmware	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2026-5039	Trust: 0.8

sources: JVNDB: JVNDB-2026-013941 // NVD: CVE-2026-5039

SOURCES

db:	JVNDB	id:	JVNDB-2026-013941
db:	NVD	id:	CVE-2026-5039

LAST UPDATE DATE

2026-06-19T23:29:12.164000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-013941	date:	2026-05-07T01:51:00
db:	NVD	id:	CVE-2026-5039	date:	2026-05-05T14:11:58.700

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-013941	date:	2026-05-07T00:00:00
db:	NVD	id:	CVE-2026-5039	date:	2026-04-23T18:16:30.377