PT-2026-34683 · Tp Link Systems+1 · Tl-Wl841N V13+1
Published
2026-04-23
·
Updated
2026-05-05
·
CVE-2026-5039
CVSS v3.1
8.8
High
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
TP-Link TL-WR841N version v13
Description
The TDDPv2 debug protocol uses DES-CBC encryption with a cryptographic key derived from default web management credentials. This makes the key predictable when the device maintains its default configuration. A network-adjacent attacker can exploit this to gain unauthorized access to the protocol, read debug data, modify specific device configuration values, and trigger a device reboot, leading to a loss of integrity and a denial-of-service condition.
Recommendations
Change the default web management credentials to ensure the cryptographic key is no longer predictable.
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tl-Wl841N V13
Tl-Wr841N Firmware