Cyber Resilience

CVE-2026-5363

MediumUpdated

Published: 16 April 2026

Published
16 April 2026
Modified
22 May 2026
KEV Added
Patch
CVSS Score v4 5.4 CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0000 0.2th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-5363 is a medium-severity Inadequate Encryption Strength (CWE-326) vulnerability in Tp-Link Archer C7. Its CVSS base score is 5.4 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Password Cracking (T1110.002); ranked at the 0.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the…

more

ability to intercept network traffic could potentially perform a brute-force or factorization attack against the 1024-bit RSA key to recover the plaintext administrator password, leading to unauthorized access and compromise of the device configuration. This issue affects Archer C7: through Build 20220715.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1110.002 Password Cracking Credential Access
Adversaries may use password cracking to attempt to recover usable credentials, such as plaintext passwords, when credential material such as password hashes are obtained.
T1552 Unsecured Credentials Credential Access
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Why these techniques?

Weak RSA-1024 client-side encryption directly enables offline factorization/brute-force key recovery (T1110.002) on intercepted login traffic, exposing plaintext credentials (T1552).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

Affected Assets

tp-link
archer c7 firmware
≤ 1.2.1

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-326

Maintaining currency with technologies and practices reduces selection of encryption mechanisms that provide inadequate strength.

addresses: CWE-326

Updated assessments identify when previously adequate encryption strength no longer meets current attack capabilities or compliance drivers.

addresses: CWE-326

Establishment procedures require selection and generation of keys with adequate length and strength for the chosen algorithm.

addresses: CWE-326

Specifies required cryptography types and parameters, preventing selection of inadequate encryption strength.

addresses: CWE-326

Prompt patching corrects inadequate encryption strength when vendors release updates that increase key sizes or algorithm security.

References