Tp Link · Archer C7 · CVE-2026-5363
**Name of the Vulnerable Software and Affected Versions**
TP-Link Archer C7 versions v5 and v5.8 through Build 20220715
**Description**
Inadequate encryption strength in the uhttpd modules allows for password recovery exploitation. The web interface encrypts the admin password client-side using RSA-1024 before transmission to the router during login. An adjacent attacker capable of intercepting network traffic could perform a brute-force or factorization attack against the 1024-bit RSA key to recover the plaintext administrator password, potentially leading to unauthorized access and compromise of the device configuration.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.