CVE-2026-5039

HIGH

8.8CVSS v3

—CVSS v2

0.02% EPSS (exploit probability)

CWE-1394CWE

Description

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized access to the protocol, read debug data, modify certain device configuration values, and trigger device reboot, resulting in loss of integrity and a denial-of-service condition.

CVSS v3 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected routers (1)

Vendor	Model	Matched via	Affected versions	Fixed in	Patch Status
TP-Link	TP-Link TL-WR841N	`—`	versionEndExcluding=231120	231120	Patched

External references

NIST NVD
MITRE CVE