Details of VAR-202604-4026

ID

VAR-202604-4026

CVE

CVE-2026-5363

TITLE

TP-LINK Technologies of Archer C7 Cryptographic Strength Vulnerability in Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-017093

DESCRIPTION

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to intercept network traffic could potentially perform a brute-force or factorization attack against the 1024-bit RSA key to recover the plaintext administrator password, leading to unauthorized access and compromise of the device configuration. This issue affects Archer C7: through Build 20220715. RSA-1024 It is encrypted using and sent to the router. Archer C7 of 2022 Year 7 Moon 15 This will affect the daily build.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-5363 // JVNDB: JVNDB-2026-017093

AFFECTED PRODUCTS

vendor:	tp link	model:	archer c7	scope:	eq	version:	-	Trust: 1.8
vendor:	tp link	model:	archer c7	scope:	eq	version:	archer c7 firmware 1.2.1	Trust: 0.8

sources: JVNDB: JVNDB-2026-017093 // NVD: CVE-2026-5363

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2026-5363
value:	HIGH
Trust: 1.0
f23511db-6c3e-4e32-a477-6aa17d310630:	CVE-2026-5363
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2026-5363
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2026-5363
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2026-5363
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-017093 // NVD: CVE-2026-5363 // NVD: CVE-2026-5363

PROBLEMTYPE DATA

problemtype:	CWE-326	Trust: 1.0
problemtype:	Inappropriate cryptographic strength (CWE-326) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-017093 // NVD: CVE-2026-5363

EXTERNAL IDS

db:	NVD	id:	CVE-2026-5363	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-017093	Trust: 0.8

sources: JVNDB: JVNDB-2026-017093 // NVD: CVE-2026-5363

REFERENCES

url:	https://www.tp-link.com/us/support/faq/3562/	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-5363	Trust: 0.8

sources: JVNDB: JVNDB-2026-017093 // NVD: CVE-2026-5363

SOURCES

db:	JVNDB	id:	JVNDB-2026-017093
db:	NVD	id:	CVE-2026-5363

LAST UPDATE DATE

2026-06-19T23:37:44.952000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-017093	date:	2026-05-28T05:39:00
db:	NVD	id:	CVE-2026-5363	date:	2026-05-06T14:08:58.067

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-017093	date:	2026-05-28T00:00:00
db:	NVD	id:	CVE-2026-5363	date:	2026-04-16T00:16:29.547