TP-Link Devices at Risk as Multiple Security Flaws Enable Takeover

The report discloses five critical-to-medium vulnerabilities in the TP-Link Archer AX53 v1.0 router (CVE-2026-30814, CVE-2026-30815, CVE-2026-30816, CVE-2026-30817, CVE-2026-30818), including OS command injection in OpenVPN and dnsmasq (CVSS 8.5), a stack-based buffer overflow in tmpServer (CVSS 7.3), and file exposure issues that allow local attackers to read arbitrary files; affected firmware versions are older than 1.7.1 Build 20260213 and users should install the official TP-Link firmware update immediately.