Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.4
Weak Encryption on TP-Link Archer C7 Routers Exposes Admin Passwords
CVE-2026-5363
Summary
A security weakness in TP-Link Archer C7 routers (models v5 and v5.8) makes it possible for hackers with access to network traffic to guess or crack the admin password, giving them control over the router's settings. Affected routers are those with software up to build 20220715. Users should update their router's firmware to the latest version to fix this issue.
Original title
Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using...
Original description
Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login.
An adjacent attacker with the ability to intercept network traffic could potentially perform a brute-force or factorization attack against the 1024-bit RSA key to recover the plaintext administrator password, leading to unauthorized access and compromise of the device configuration. This issue affects Archer C7: through Build 20220715.
An adjacent attacker with the ability to intercept network traffic could potentially perform a brute-force or factorization attack against the 1024-bit RSA key to recover the plaintext administrator password, leading to unauthorized access and compromise of the device configuration. This issue affects Archer C7: through Build 20220715.
nvd CVSS4.0
5.4
Vulnerability type
CWE-326
Inadequate Encryption Strength
Published: 16 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026