Affected Vendors This Week:
- TP-Link: 5 CVEs (3 High, 2 Medium)
- SonicWall: 4 CVEs (2 High, 2 unscored)
TP-Link Archer AX53 Under Fire
This week brings a significant cluster of vulnerabilities affecting the TP-Link Archer AX53 v1.0, with three high-severity remote code execution flaws that demand immediate attention. All five TP-Link CVEs this week target the same model, suggesting a pattern of insufficient input validation across multiple modules.
The most dangerous are the three high-severity vulnerabilities, two command injections and one stack-based buffer overflow:
- CVE-2026-30815 (CVSS 8.0) affects the OpenVPN module, allowing authenticated adjacent attackers to execute system commands via malicious configuration files.
- CVE-2026-30818 (CVSS 8.0) impacts dnsmasq, with similar command injection attack vectors.
- CVE-2026-30814 (CVSS 8.0) is a stack-based buffer overflow in tmpServer that can trigger arbitrary code execution or device crashes.
Two medium-severity issues—CVE-2026-30816 and CVE-2026-30817 (both CVSS 5.7)—allow authenticated attackers to read arbitrary files through OpenVPN configuration manipulation.
Action required: If you manage Archer AX53 v1.0 devices, check TP-Link's support site immediately for firmware patches. These flaws require authenticated access but can quickly escalate a network compromise. Consider network segmentation for affected devices pending updates.
SonicWall SMA1000 Authentication Bypass Concerns
SonicWall's SMA1000 series appliances face two high-severity authentication weaknesses this week. CVE-2026-4116 (CVSS 7.2) allows authenticated SSL VPN users to bypass TOTP authentication through Unicode handling flaws, while CVE-2026-4113 (CVSS 7.2) enables credential enumeration via response timing analysis.
Two additional CVEs, CVE-2026-4112 and CVE-2026-4114, involve SQL injection and admin TOTP bypass. Although they currently have no assigned severity scores, they warrant evaluation in your environment given the authentication focus of this vulnerability batch.
Action required: Verify SonicWall SMA1000 firmware versions and apply available security patches. If multi-factor authentication is your primary defense, these bypasses are a priority. Review VPN access logs for suspicious authentication patterns.
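For the log review suggested above, a triage sketch follows as an added example; it is not SonicWall's code and not part of the original digest. The log format, field names, threshold, known-account set and sample lines are constructed assumptions, and the two heuristics (one source failing against many distinct usernames, and non-ASCII usernames that normalize to a known account) are generic checks, not vendor-documented indicators for these CVEs.

```python
import re
import unicodedata
from collections import defaultdict

# Constructed sample lines in a hypothetical key=value format (not real SMA1000 output).
SAMPLE_LOG = """\
2026-03-10T08:00:01Z src=198.51.100.7 user=alice result=fail
2026-03-10T08:00:02Z src=198.51.100.7 user=bob result=fail
2026-03-10T08:00:03Z src=198.51.100.7 user=carol result=fail
2026-03-10T08:00:04Z src=198.51.100.7 user=dave result=fail
2026-03-10T08:05:00Z src=203.0.113.20 user=erin result=ok
2026-03-10T08:06:00Z src=203.0.113.21 user=\uff45rin result=ok
2026-03-10T08:07:00Z src=203.0.113.22 user=frank result=fail
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) user=(\S+) result=(ok|fail)$")

def parse(log_text):
    """Return (timestamp, src, user, result) tuples for well-formed lines."""
    matches = (LINE_RE.match(line.strip()) for line in log_text.splitlines())
    return [m.groups() for m in matches if m]

def enumeration_suspects(events, min_users=4):
    """Sources whose failed logins span at least min_users distinct usernames."""
    failed = defaultdict(set)
    for _, src, user, result in events:
        if result == "fail":
            failed[src].add(user)
    return {src: sorted(u) for src, u in failed.items() if len(u) >= min_users}

def unicode_suspects(events, known_users):
    """Non-ASCII usernames, with the known account they collapse to (or None)."""
    hits = []
    for ts, src, user, result in events:
        if user.isascii():
            continue
        folded = unicodedata.normalize("NFKC", user).casefold()
        hits.append((ts, src, user, folded if folded in known_users else None, result))
    return hits

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    print("Possible enumeration:", enumeration_suspects(events))
    print("Unicode lookalikes:", unicode_suspects(events, {"erin"}))
```

Adapt `LINE_RE` to the appliance's actual export format and tune `min_users` to your normal failed-login baseline before relying on the output.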