CVE-2026-30818
Published: 08 April 2026
Summary
CVE-2026-30818 is a high-severity OS Command Injection (CWE-78) vulnerability in TP-Link Archer AX53 firmware. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 37.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-10 directly addresses the insufficient input validation in dnsmasq configuration file processing that enables OS command injection.
SI-2 requires timely flaw remediation, such as applying the vendor-released firmware patch to version 1.7.1 Build 20260213 or later.
RA-5 enables vulnerability scanning to identify this specific command injection flaw in router firmware for prompt remediation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
OS command injection in network device firmware directly enables RCE via Unix shell (T1059.004) after exploitation of the exposed service (T1190).
NVD Description
An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow the attacker to modify device configuration, access sensitive information, or further compromise system integrity. This issue affects AX53 v1.0: before 1.7.1 Build 20260213.
Deeper analysis
CVE-2026-30818 is an OS command injection vulnerability (CWE-78) in the dnsmasq module of the TP-Link Archer AX53 v1.0 router firmware. The flaw arises from insufficient input validation when processing a specially crafted configuration file, enabling arbitrary code execution. It affects AX53 v1.0 firmware versions prior to 1.7.1 Build 20260213 and carries a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An authenticated adjacent attacker can exploit this vulnerability by supplying a malicious configuration file to the dnsmasq module. Successful exploitation allows execution of arbitrary operating system commands, potentially enabling the attacker to modify device configurations, access sensitive information, or further compromise the system's integrity.
Mitigation is available through a firmware update to version 1.7.1 Build 20260213 or later, which TP-Link has released for the Archer AX53 v1.0 on their support download pages for various regions. Additional details are provided in the Talos Intelligence vulnerability report and TP-Link's FAQ on securing routers. Security practitioners should verify and apply the patch promptly, especially for devices on adjacent networks.
Details
- CWE(s)