CVE-2026-30814

High

Published: 08 April 2026

Published

08 April 2026

Modified

07 May 2026

KEV Added

—

Patch

—

CVSS Score 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0003 10.3th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-30814 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Tp-Link Archer Ax53 Firmware. Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 10.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Timely remediation through firmware updates to version 1.7.1 Build 20260213 or later directly eliminates the stack-based buffer overflow in the tmpServer module.

SI-10 Information Input Validation good match

prevent

Validating the length, format, and content of uploaded configuration files prevents the buffer overflow triggered by specially crafted inputs.

SI-16 Memory Protection partial match

prevent

Stack canaries, address space layout randomization, and non-executable stack protections mitigate arbitrary code execution from the buffer overflow even if triggered.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Buffer overflow in router config upload service enables exploitation of the management interface (T1190) by low-priv authenticated users to achieve arbitrary code execution and privilege escalation (T1068).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash…

and could allow arbitrary code execution, enabling modification of device state, exposure of sensitive data, or further compromise of device integrity. This issue affects AX53 v1.0: before 1.7.1 Build 20260213.

Deeper analysisAI

CVE-2026-30814 is a stack-based buffer overflow vulnerability (CWE-121, CWE-787) in the tmpServer module of the TP-Link Archer AX53 v1.0 router firmware. It affects versions prior to 1.7.1 Build 20260213. The flaw enables an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code by uploading a specially crafted configuration file. The vulnerability carries a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts.

An attacker with adjacent network access (e.g., on the same local network) and valid low-privilege credentials can exploit this issue remotely over the network. By crafting and submitting a malicious configuration file, they can cause a device crash or achieve remote code execution. Successful exploitation could allow modification of the device's configuration or state, exposure of sensitive data such as credentials or network information, and broader compromise of the router's integrity, potentially serving as a pivot for further network attacks.

Mitigation requires updating the TP-Link Archer AX53 v1.0 to firmware version 1.7.1 Build 20260213 or later, available via TP-Link's support download pages for various regions. Additional details are provided in the Talos Intelligence vulnerability report and a related TP-Link FAQ on securing devices.

Details

CWE(s): CWE-121 CWE-787

Affected Products

tp-link

archer ax53 firmware

≤ 1.7.1

CVEs Like This One

CVE-2025-15608Same product: Tp-Link Archer Ax53

CVE-2025-59482Same product: Tp-Link Archer Ax53

CVE-2025-62405Same product: Tp-Link Archer Ax53

CVE-2026-30815Same product: Tp-Link Archer Ax53

CVE-2025-59487Same product: Tp-Link Archer Ax53

CVE-2025-61944Same product: Tp-Link Archer Ax53

CVE-2026-30818Same product: Tp-Link Archer Ax53

CVE-2025-58455Same product: Tp-Link Archer Ax53

CVE-2025-58077Same product: Tp-Link Archer Ax53

CVE-2025-15607Same product: Tp-Link Archer Ax53

References

https://talosintelligence.com/vulnerability_reports/
Third Party Advisory · f23511db-6c3e-4e32-a477-6aa17d310630
https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware
Product · f23511db-6c3e-4e32-a477-6aa17d310630
https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware
Product · f23511db-6c3e-4e32-a477-6aa17d310630
https://www.tp-link.com/us/support/faq/5055/
Vendor Advisory · f23511db-6c3e-4e32-a477-6aa17d310630
https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2302
af854a3a-2127-422b-91ae-364da2661108