{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-30818", "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "state": "PUBLISHED", "assignerShortName": "TPLink", "dateReserved": "2026-03-05T17:35:52.175Z", "datePublished": "2026-04-08T17:54:44.175Z", "dateUpdated": "2026-04-09T03:56:18.130Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "shortName": "TPLink", "dateUpdated": "2026-04-08T17:54:44.175Z"}, "title": "OS Command Injection Vulnerability in dnsmasq Module in TP-Link AX53", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-78", "description": "CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "affected": [{"vendor": "TP-Link Systems Inc.", "product": "AX53 v1.0", "modules": ["dnsmasq"], "versions": [{"status": "affected", "version": "0", "lessThan": "1.7.1 Build 20260213", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow the attacker to modify device configuration, access sensitive information, or further compromise system integrity.\n\nThis issue affects AX53 v1.0: before 1.7.1 Build 20260213.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow the attacker to modify device configuration, access sensitive information, or further compromise system integrity.\n<br><p>This issue affects AX53 v1.0: before 1.7.1 Build 20260213.</p>"}]}], "references": [{"url": "https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware", "tags": ["patch"]}, {"url": "https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware", "tags": ["patch"]}, {"url": "https://talosintelligence.com/vulnerability_reports/", "tags": ["third-party-advisory"]}, {"url": "https://www.tp-link.com/us/support/faq/5055/", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "LOW", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.5, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L"}}], "credits": [{"lang": "en", "value": "Lilith >_> of Cisco Talos", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0-beta"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-30818"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T03:56:18.130Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-30818", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-08T19:10:17.437569Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T19:10:21.371Z"}}], "cna": {"title": "OS Command Injection Vulnerability in dnsmasq Module in TP-Link AX53", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "Lilith >_> of Cisco Talos"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TP-Link Systems Inc.", "modules": ["dnsmasq"], "product": "AX53 v1.0", "versions": [{"status": "affected", "version": "0", "lessThan": "1.7.1 Build 20260213", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware", "tags": ["patch"]}, {"url": "https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware", "tags": ["patch"]}, {"url": "https://talosintelligence.com/vulnerability_reports/", "tags": ["third-party-advisory"]}, {"url": "https://www.tp-link.com/us/support/faq/5055/", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.0-beta"}, "descriptions": [{"lang": "en", "value": "An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow the attacker to modify device configuration, access sensitive information, or further compromise system integrity.\n\nThis issue affects AX53 v1.0: before 1.7.1 Build 20260213.", "supportingMedia": [{"type": "text/html", "value": "An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow the attacker to modify device configuration, access sensitive information, or further compromise system integrity.\n<br><p>This issue affects AX53 v1.0: before 1.7.1 Build 20260213.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')"}]}], "providerMetadata": {"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "shortName": "TPLink", "dateUpdated": "2026-04-08T17:54:44.175Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30818", "state": "PUBLISHED", "dateUpdated": "2026-04-09T03:56:18.130Z", "dateReserved": "2026-03-05T17:35:52.175Z", "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "datePublished": "2026-04-08T17:54:44.175Z", "assignerShortName": "TPLink"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow the attacker to modify device configuration, access sensitive information, or further compromise system integrity.\n\nThis issue affects AX53 v1.0: before 1.7.1 Build 20260213."}], "id": "CVE-2026-30818", "lastModified": "2026-04-08T21:26:13.410", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "type": "Secondary"}]}, "published": "2026-04-08T19:25:20.770", "references": [{"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://talosintelligence.com/vulnerability_reports/"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "url": "https://www.tp-link.com/us/support/faq/5055/"}], "sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.7.1 Build 20260213)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "AX53 v1.0", "source": "cna", "vendor": "TP-Link Systems Inc."}, "product": "ax53_v1", "vendor": "tp-link"}], "analysis": {"en": {"generated_at": "2026-04-08T20:24:00.410424+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware update (at least 1.7.1 Build 20260213) from TP\u2011Link\u2019s official support site.", "If a firmware update cannot be applied immediately, block the dnsmasq configuration interface from untrusted LAN segments by using a firewall or VLAN.", "Continuously monitor device logs for unexpected configuration changes or command execution, and isolate the device if suspicious activity is observed."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary code execution"}, "threat_synthesis": {"affected_systems": "The firmware version 1.0 of TP\u2011Link Archer AX53, and any builds released before 1.7.1 Build 20260213, are vulnerable to this issue.", "description_and_impact": "An OS command injection flaw in the dnsmasq module of the TP\u2011Link Archer AX53 allows an attacker who has already authenticated on the local network to craft a configuration file that triggers execution of arbitrary system commands. The attacker can then modify the device\u2019s settings, leak sensitive information, or further compromise the system\u2019s integrity.", "risk_and_exploitability": "The vulnerability has a high severity rating of 8.5. Although no industry-wide exploit probability data is available and it is not listed in the Known Exploited Vulnerabilities catalog, the need for local network authentication limits the initial attack surface. Once the attacker reaches the device, the lack of input validation makes exploitation straightforward, potentially granting full control over the device."}}}}, "created": "2026-04-09T08:18:33.016840+00:00", "updated": "2026-04-09T08:27:59.391419+00:00", "vendors": ["tp-link", "tp-link$PRODUCT$ax53_v1"]}