TP-Link Archer AX53 OS Command Injection Vulnerability in OpenVPN Module
Vulnerability
A command injection vulnerability has been identified in the OpenVPN module of the TP-Link Archer AX53 v1.0 router in firmware prior to version 1.7.1 Build 20260213. Because the module does not sufficiently validate configuration files, an authenticated adjacent attacker can execute system commands by supplying a specially crafted configuration file. Successful exploitation could lead to unauthorized modifications of configuration files, disclosure of sensitive information, or a broader compromise of the device's integrity.
Impact
Exploitation of this vulnerability could allow for unauthorized execution of system commands, potentially leading to modifications of device configuration, access to sensitive information, or a general compromise of the device's integrity.
Remediation
Users are advised to update to the latest firmware version, 1.7.1 Build 20260213, available on the TP-Link official website. Note that this version upgrade is irreversible.
