PatchSiren cyber security CVE debrief
CVE-2026-5039 TP-Link Systems Inc. CVE debrief
CVE-2026-5039 is a high-severity vulnerability in TP-Link TL-WR841N v13, which uses DES-CBC encryption in the TDDPv2 debug protocol with a predictable cryptographic key derived from default web management credentials. If the device is left in its default configuration, a network-adjacent attacker can exploit this weakness to gain unauthorized access to the protocol, read debug data, modify certain device configuration values, and trigger a device reboot, resulting in loss of integrity and a denial-of-service condition. The vulnerability was fixed in TL-WR841N v13 0.9.1 Build 20231120 Rel.62366. This issue has a CVSS score of 8.3 and is classified as HIGH. The vulnerability was publicly disclosed on April 29, 2026.
- Vendor
- TP-Link Systems Inc.
- Product
- Archer AX53 v1.0
- CVSS
- HIGH 8.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-29
- Original CVE updated
- 2026-04-29
- Advisory published
- 2026-04-29
- Advisory updated
- 2026-04-29
Who should care
Organizations using TP-Link TL-WR841N v13 devices should prioritize patching this vulnerability, as it can be exploited by network-adjacent attackers to gain unauthorized access and disrupt device operations. Given the high severity and potential impact, IT teams responsible for network infrastructure and device management should take immediate action to identify and update vulnerable devices.
Technical summary
The TP-Link TL-WR841N v13 device uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials. This key is predictable if the device is left in its default configuration. An attacker can exploit this weakness to gain unauthorized access to the protocol, read debug data, modify certain device configuration values, and trigger a device reboot. The vulnerability has been fixed in version 0.9.1 Build 20231120 Rel.62366 of TL-WR841N v13. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 8.3, indicating a high level of severity.
Defensive priority
High priority should be given to patching CVE-2026-5039, as it allows for unauthorized access and disruption of network devices. Immediate action is recommended to update vulnerable TL-WR841N v13 devices to version 0.9.1 Build 20231120 Rel.62366 or later.
Recommended defensive actions
- Update TL-WR841N v13 devices to version 0.9.1 Build 20231120 Rel.62366 or later.
- Review device configurations to ensure default web management credentials have been changed.
- Implement network segmentation to limit the spread of potential attacks.
- Monitor network traffic for suspicious activity related to the TDDPv2 debug protocol.
- Consider replacing devices that cannot be patched with more secure alternatives.
Evidence notes
The CVE-2026-5039 vulnerability details were obtained from the CISA CSAF source item (source_item_44ce84ba-8f8d-41dc-942e-b3a5b55cbf89) and CVE.org. The vulnerability affects TP-Link TL-WR841N v13 devices and allows for unauthorized access due to a predictable cryptographic key. The issue has been fixed in TL-WR841N v13 0.9.1 Build 20231120 Rel.62366.
Official resources
-
CVE-2026-5039 CVE record
CVE.org
-
CVE-2026-5039 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
This article was generated with AI assistance based on the supplied source corpus and is intended for informational purposes only.