CVE-2026-5039

EUVD-2026-25250

23.04.2026, 18:16

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized access to the protocol, read debug data, modify certain device configuration values, and trigger device reboot, resulting in loss of integrity and a denial-of-service condition.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 2%

Affected Products (NVD)

Vendor	Product	Version
tp-link	tl-wr841n_firmware	𝑥 < 231120

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-1394 - Use of Default Cryptographic Key
The product uses a default cryptographic key for potentially critical functionality.

References

https://www.tp-link.com/us/support/download/tl-wr841n/v13/#Firmware