TP-Link Archer AX53 OS Command Injection Vulnerability in dnsmasq Module

Vulnerability

A command injection vulnerability has been identified in the dnsmasq module of the TP-Link Archer AX53 v1.0 router. It allows an authenticated adjacent attacker to execute arbitrary code through a specially crafted configuration file, because the input in that file is insufficiently validated. Successful exploitation could lead to unauthorized modification of device settings, access to sensitive information, or a broader compromise of system integrity.

Impact

Exploitation of this vulnerability could allow an attacker to execute arbitrary code on the device, potentially leading to unauthorized changes in device configuration, access to sensitive data, or a general compromise of the device's security.

Remediation

Users are advised to update to the latest firmware version, 1.7.1 Build 20260213, available on the TP-Link official website. Note that this update is irreversible: once it is installed, the firmware cannot be downgraded.

Added: Apr 8, 2026, 8:26 PM
Updated: Apr 8, 2026, 8:26 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 3.5
remediation: 0.0
relevance: 5.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.