TP-Link Archer C7 Inadequate Encryption Strength Vulnerability Allowing Password Recovery

Vulnerability

A vulnerability exists in the TP-Link Archer C7 models v5 and v5.8, specifically within the uhttpd modules, due to inadequate encryption strength. The web interface encrypts the admin password using RSA-1024 before transmission to the router. An adjacent attacker capable of intercepting network traffic could exploit this weakness by performing a brute-force or factorization attack on the 1024-bit RSA key to recover the plaintext password. This would lead to unauthorized access and compromise of the device's configuration. The vulnerability affects Archer C7 models through Build 20220715.
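To put a number on "inadequate encryption strength", the following added example (not code from TP-Link or from this advisory) audits an RSA public modulus supplied as a hex string and reports its size and an estimated security strength. It assumes the 2048-bit minimum from NIST SP 800-57 and the strength estimate formula from FIPS 140-2 Implementation Guidance 7.5; the function names and sample moduli are constructed for illustration, and how a modulus is obtained from a given device is outside what the page describes.

```python
import math

# Assumption: NIST SP 800-57 Part 1 treats 2048-bit RSA (~112-bit strength)
# as the minimum acceptable size; anything smaller is flagged.
MIN_MODULUS_BITS = 2048


def estimated_strength(modulus_bits: int) -> float:
    """Approximate symmetric-equivalent strength in bits of an RSA modulus,
    using the GNFS-based formula from FIPS 140-2 IG 7.5."""
    x = modulus_bits * math.log(2)
    return (1.923 * x ** (1 / 3) * math.log(x) ** (2 / 3) - 4.69) / math.log(2)


def audit_modulus(modulus_hex: str) -> dict:
    """Parse a hex modulus (optional 0x prefix, colons or whitespace allowed)
    and report whether its size meets the minimum."""
    cleaned = "".join(modulus_hex.split()).replace(":", "")
    if cleaned.lower().startswith("0x"):
        cleaned = cleaned[2:]
    n = int(cleaned, 16)  # raises ValueError on empty or non-hex input
    if n <= 0 or n % 2 == 0:
        raise ValueError("not a plausible RSA modulus (must be odd and positive)")
    bits = n.bit_length()
    return {
        "bits": bits,
        "strength_bits": round(estimated_strength(bits), 1),
        "adequate": bits >= MIN_MODULUS_BITS,
    }


# Constructed sample values with the right bit lengths; these are NOT real keys.
SAMPLE_1024 = format((1 << 1023) | 1, "x")
SAMPLE_2048 = format((1 << 2047) | 1, "x")

if __name__ == "__main__":
    for label, sample in (("1024-bit", SAMPLE_1024), ("2048-bit", SAMPLE_2048)):
        print(label, audit_modulus(sample))
```

The formula-based estimate for a 2048-bit modulus comes out slightly under the nominal 112 bits from the NIST table, which is why the pass/fail decision is made on modulus size rather than on the computed estimate.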

Impact

Exploitation of this vulnerability could result in unauthorized access to the router's admin interface, allowing an attacker to change settings, potentially compromise the network, or misuse the device in other harmful ways.

Added: Apr 16, 2026, 12:21 AM
Updated: Apr 16, 2026, 12:21 AM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 5.6
remediation: 0.0
relevance: 6.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.