CVE-2026-5363

Name of the Vulnerable Software and Affected Versions TP-Link Archer C7 versions v5 and v5.8 through Build 20220715

Description Inadequate encryption strength in the uhttpd modules allows for password recovery exploitation. The web interface encrypts the admin password client-side using RSA-1024 before transmission to the router during login. An adjacent attacker capable of intercepting network traffic could perform a brute-force or factorization attack against the 1024-bit RSA key to recover the plaintext administrator password, potentially leading to unauthorized access and compromise of the device configuration.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.